fix(auth): validate email field (#8698)

ui/tests/auth-login.spec.ts

@@ -48,22 +48,20 @@ test.describe("Login Flow", () => {
   test("should handle empty form submission", async ({ page }) => {
     // Submit empty form
     await submitLoginForm(page);
-    await verifyLoginError(page, ERROR_MESSAGES.INVALID_CREDENTIALS);
+    await verifyLoginError(page, ERROR_MESSAGES.INVALID_EMAIL);
+
     // Verify we're still on login page
     await expect(page).toHaveURL(URLS.LOGIN);
   });
 
-  /*
-  TODO: This test is failing, need UI work before.
   test("should validate email format", async ({ page }) => {
     // Attempt login with invalid email format
     await login(page, TEST_CREDENTIALS.INVALID_EMAIL_FORMAT);
-    // Verify error message (application shows generic error for invalid email format too)
-    await verifyLoginError(page, ERROR_MESSAGES.INVALID_CREDENTIALS);
+    // Verify field-level email validation message
+    await verifyLoginError(page, ERROR_MESSAGES.INVALID_EMAIL);
     // Verify we're still on login page
     await expect(page).toHaveURL(URLS.LOGIN);
   });
-  */
 
   test("should toggle SAML SSO mode", async ({ page }) => {
     // Toggle to SAML mode

ui/tests/helpers.ts

@@ -2,6 +2,7 @@ import { Page, expect } from "@playwright/test";
 
 export const ERROR_MESSAGES = {
   INVALID_CREDENTIALS: "Invalid email or password",
+  INVALID_EMAIL: "Please enter a valid email address.",
 } as const;
 
 export const URLS = {
@@ -69,7 +70,8 @@ export async function verifyLoginError(
   page: Page,
   errorMessage = "Invalid email or password",
 ) {
-  await expect(page.getByText(errorMessage)).toBeVisible();
+  // There may be multiple field-level errors with the same text; assert at least one is visible
+  await expect(page.getByText(errorMessage).first()).toBeVisible();
   await expect(page).toHaveURL("/sign-in");
 }