From 763f631545f9c49679930610535c62d2309eb0a0 Mon Sep 17 00:00:00 2001
From: wasim almadhagi
Date: Thu, 14 Nov 2024 12:14:52 +0300
Subject: [PATCH] we should not send blocked users a recovery code
---
 selfservice/strategy/code/code_sender.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/selfservice/strategy/code/code_sender.go b/selfservice/strategy/code/code_sender.go
index 53c0f60bcbca..e7e8454e66e5 100644
--- a/selfservice/strategy/code/code_sender.go
+++ b/selfservice/strategy/code/code_sender.go
@@ -13,6 +13,7 @@ import (
 "github.com/ory/herodot"
 "github.com/ory/kratos/courier/template/email"
 "github.com/ory/kratos/courier/template/sms"
+ "github.com/ory/kratos/schema"
 "github.com/ory/x/sqlcon"
 "github.com/ory/x/stringsx"
@@ -205,7 +206,7 @@ func (s *Sender) SendRecoveryCode(ctx context.Context, f *recovery.Flow, via ide
 var address *identity.RecoveryAddress
 var err error
-
+
 if via == identity.VerifiableAddressTypeEmail {
 address, err = s.deps.IdentityPool().FindRecoveryAddressByValue(ctx, identity.RecoveryAddressTypeEmail, to)
 } else {
@@ -245,7 +246,10 @@ func (s *Sender) SendRecoveryCode(ctx context.Context, f *recovery.Flow, via ide
 if err != nil {
 return err
 }
-
+
+ if i.IsBlocked() {
+ return errors.WithStack(schema.NewErrorValidationRecoveryNoStrategyFoundForBlockedAccount())
+ }
 rawCode := GenerateCode()
 var code *RecoveryCode
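Review bot: The new `i.IsBlocked()` branch in the last hunk returns a distinct validation error, which may let an unauthenticated requester tell a blocked account apart from an unknown or active address, depending on how the caller of SendRecoveryCode surfaces it (the caller is not visible here). The function body extends beyond this hunk, so check how the address-not-found case earlier in SendRecoveryCode responds and make the blocked case indistinguishable from it, with the event recorded in server-side logs only; a comment such as `// blocked identities get no code; respond exactly like the unknown-address path so account state is not disclosed` would document the intent. The patch changes only this file, so `IsBlocked` and `schema.NewErrorValidationRecoveryNoStrategyFoundForBlockedAccount` must already exist elsewhere or the build fails. The whitespace-only `+` lines (here and in the hunk at `@@ -205,7 +206,7 @@`) appear to carry trailing whitespace that gofmt would strip, and a test covering a blocked identity would pin the behaviour.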