updates

Backend/src/services/auth_service.py

@@ -146,16 +146,28 @@ class AuthService:
 
     async def login(self, db: Session, email: str, password: str, remember_me: bool = False, mfa_token: str = None) -> dict:
         """Login user with optional MFA verification"""
+        # Normalize email (lowercase and strip whitespace)
+        email = email.lower().strip() if email else ""
+        if not email:
+            raise ValueError("Invalid email or password")
+        
         # Find user with role and password
         user = db.query(User).filter(User.email == email).first()
         if not user:
+            logger.warning(f"Login attempt with non-existent email: {email}")
             raise ValueError("Invalid email or password")
 
+        # Check if user is active
+        if not user.is_active:
+            logger.warning(f"Login attempt for inactive user: {email}")
+            raise ValueError("Account is disabled. Please contact support.")
+
         # Load role
         user.role = db.query(Role).filter(Role.id == user.role_id).first()
 
         # Check password
         if not self.verify_password(password, user.password):
+            logger.warning(f"Login attempt with invalid password for user: {email}")
             raise ValueError("Invalid email or password")
 
         # Check if MFA is enabled