From 10a80a997e82ccf9b36a9efd4b86b63ea15b048d Mon Sep 17 00:00:00 2001
From: wasim almadhagi
Date: Thu, 14 Nov 2024 12:04:06 +0300
Subject: [PATCH 1/3] serrated msg from blocked user and recovery

---
 schema/errors.go | 12 +++++++++++-
 selfservice/strategy/password/login.go | 5 ++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/schema/errors.go b/schema/errors.go
index 31b03e3256d8..0be64f57db46 100644
--- a/schema/errors.go
+++ b/schema/errors.go
@@ -125,13 +125,23 @@ func NewInvalidCredentialsError() error {
 func NewIdentityInactiveError() error {
 return errors.WithStack(&ValidationError{
 ValidationError: &jsonschema.ValidationError{
- Message: `this account is blocked please contact system administrator to regain access`,
+ Message: `You account has been locked due to multiple failed login attempts. Please reset your password to unlock your account.`,
 InstancePtr: "#/",
 },
 Messages: new(text.Messages).Add(text.NewErrorValidationIdentityInactive()),
 })
 }
 
+func NewErrorValidationRecoveryNoStrategyFoundForBlockedAccount() error {
+ return errors.WithStack(&ValidationError{
+ ValidationError: &jsonschema.ValidationError{
+ Message: `this account is blocked please contact system administrator to regain access`,
+ InstancePtr: "#/",
+ },
+ Messages: new(text.Messages).Add(text.NewErrorValidationRecoveryNoStrategyFoundForBlockedAccount()),
+ })
+}
+
 func NewAccountNotFoundError() error {
 return errors.WithStack(&ValidationError{
 ValidationError: &jsonschema.ValidationError{
diff --git a/selfservice/strategy/password/login.go b/selfservice/strategy/password/login.go
index df6e19d8aeed..f5d450e03927 100644
--- a/selfservice/strategy/password/login.go
+++ b/selfservice/strategy/password/login.go
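Review bot: The name of the new constructor, `NewErrorValidationRecoveryNoStrategyFoundForBlockedAccount`, does not describe what it returns — its Message says the account is blocked, not that no recovery strategy was found — and it breaks the `NewXxxError` pattern of its neighbours `NewIdentityInactiveError` and `NewAccountNotFoundError`; `func NewIdentityBlockedError() error {` would read correctly at both call sites in this series. The body also references `text.NewErrorValidationRecoveryNoStrategyFoundForBlockedAccount()`, which no patch in the series adds (the diffstat lists only schema/errors.go and login.go), so the package compiles only if that helper already exists in the text package. Separately, the reworded `NewIdentityInactiveError` Message now says something different from whatever `text.NewErrorValidationIdentityInactive()` renders into `Messages`, so clients reading the jsonschema Message and clients reading the typed Messages will get two explanations for one condition; keep the two texts aligned, ideally by deriving the jsonschema Message from the text message.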
@@ -84,9 +84,12 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow,
 return nil, s.handleLoginError(r, f, p, errors.WithStack(schema.NewInvalidCredentialsError()))
 }
 
- if !i.IsActive() {
+ if i.IsInactive() {
 return nil, s.handleLoginError(r, f, p, errors.WithStack(schema.NewIdentityInactiveError()))
 }
+ if i.IsBlocked() {
+ return nil, s.handleLoginError(r, f, p, errors.WithStack(schema.NewErrorValidationRecoveryNoStrategyFoundForBlockedAccount()))
+ }
 
 var o identity.CredentialsPassword
 d := json.NewDecoder(bytes.NewBuffer(c.Config))

From 763f631545f9c49679930610535c62d2309eb0a0 Mon Sep 17 00:00:00 2001
From: wasim almadhagi
Date: Thu, 14 Nov 2024 12:14:52 +0300
Subject: [PATCH 2/3] we should not send blocked users a recovery code

---
 selfservice/strategy/code/code_sender.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/selfservice/strategy/code/code_sender.go b/selfservice/strategy/code/code_sender.go
index 53c0f60bcbca..e7e8454e66e5 100644
--- a/selfservice/strategy/code/code_sender.go
+++ b/selfservice/strategy/code/code_sender.go
@@ -13,6 +13,7 @@ import (
 "github.com/ory/herodot"
 "github.com/ory/kratos/courier/template/email"
 "github.com/ory/kratos/courier/template/sms"
+ "github.com/ory/kratos/schema"
 "github.com/ory/x/sqlcon"
 "github.com/ory/x/stringsx"
 
@@ -205,7 +206,7 @@ func (s *Sender) SendRecoveryCode(ctx context.Context, f *recovery.Flow, via ide
 
 var address *identity.RecoveryAddress
 var err error
-
+
 if via == identity.VerifiableAddressTypeEmail {
 address, err = s.deps.IdentityPool().FindRecoveryAddressByValue(ctx, identity.RecoveryAddressTypeEmail, to)
 } else {
@@ -245,7 +246,10 @@ func (s *Sender) SendRecoveryCode(ctx context.Context, f *recovery.Flow, via ide
 if err != nil {
 return err
 }
-
+
+ if i.IsBlocked() {
+ return errors.WithStack(schema.NewErrorValidationRecoveryNoStrategyFoundForBlockedAccount())
+ }
 rawCode := GenerateCode()
 
 var code *RecoveryCode
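Review bot: Both state checks run before the submitted password is compared against the stored hash (the credential config is only decoded at `var o identity.CredentialsPassword`, just below the new branch), so an unauthenticated caller who knows only an identifier now gets three distinguishable answers — invalid credentials, inactive, or blocked — and learns both that the account exists and its lockout state without a password. The old code had the same shape for inactive accounts, but this hunk adds a second distinguishable state and the new inactive text explicitly confirms the account exists. Compare the password first and report state only on a valid password, or keep returning `schema.NewInvalidCredentialsError()` pre-authentication and log the real reason server-side. Replacing `!i.IsActive()` with `i.IsInactive()` also changes the default: any identity state that is neither inactive nor blocked (should the model have or later gain one) now falls through to a successful login instead of being rejected, so consider keeping a final `if !i.IsActive() { return nil, s.handleLoginError(r, f, p, errors.WithStack(schema.NewIdentityInactiveError())) }` guard after the specific checks. The Login function starts and ends outside this hunk.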
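Review bot: Returning `schema.NewErrorValidationRecoveryNoStrategyFoundForBlockedAccount()` from `SendRecoveryCode` surfaces a distinct validation error to whoever submitted the recovery flow, and that caller is by definition not logged in, so anyone can probe an email address or phone number and learn that it belongs to a blocked account. The recovery sender is where address existence is normally kept hidden (the branch taken when the lookup above finds nothing is outside this hunk), and this new branch breaks that property for blocked identities. Prefer to log the refusal and `return nil` so the flow behaves exactly as it does for an unknown address, or, if the product wants the user told, send a courier message to the address rather than returning an error. Note also that the new lines call `errors.WithStack` while the import hunk above adds only `schema`; this compiles only if `errors` (presumably github.com/pkg/errors) is already imported in this file. SendRecoveryCode starts and ends outside this hunk.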
From ecda95486a4e00671acf7b623f7f3a2db64e52ea Mon Sep 17 00:00:00 2001
From: wasim almadhagi
Date: Thu, 14 Nov 2024 12:19:57 +0300
Subject: [PATCH 3/3] update msg

---
 schema/errors.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/schema/errors.go b/schema/errors.go
index 0be64f57db46..c3b45ee9378a 100644
--- a/schema/errors.go
+++ b/schema/errors.go
@@ -125,7 +125,7 @@ func NewInvalidCredentialsError() error {
 func NewIdentityInactiveError() error {
 return errors.WithStack(&ValidationError{
 ValidationError: &jsonschema.ValidationError{
- Message: `You account has been locked due to multiple failed login attempts. Please reset your password to unlock your account.`,
+ Message: `Your account has been locked due to multiple failed login attempts. Please reset your password to unlock your account.`,
 InstancePtr: "#/",
 },
 Messages: new(text.Messages).Add(text.NewErrorValidationIdentityInactive()),
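Review bot: The corrected message still asserts a cause ("locked due to multiple failed login attempts") and a remedy ("reset your password to unlock your account") that nothing in this series ties to the inactive state: `NewIdentityInactiveError` is returned whenever `i.IsInactive()` is true, and no visible line shows that inactivity is set only by a failed-login counter or cleared by a password reset. An account deactivated by an administrator would be told to reset its password, and if recovery does not clear the state the user is sent in a loop; the text should promise only what the code guarantees, e.g. `Message: "Your account is inactive and cannot be used to sign in. Please contact your administrator.",`. If a lockout counter does exist elsewhere, surface the lockout wording from the place that sets the state rather than from the generic inactive error.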