From e04714b8c97315440bde52955a8a7ecfd8211ec8 Mon Sep 17 00:00:00 2001
From: Saurav Mishra <saurav.mishra@bizbrolly.com>
Date: Mon, 22 Jun 2026 15:26:27 +0530
Subject: [PATCH] fix issue of  feature multiple login attempt

---
 .../users/IEMRAdminUserServiceImpl.java       | 28 +++++++++++++++----
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/src/main/java/com/iemr/common/service/users/IEMRAdminUserServiceImpl.java b/src/main/java/com/iemr/common/service/users/IEMRAdminUserServiceImpl.java
index 3d20be1b..13adda14 100644
--- a/src/main/java/com/iemr/common/service/users/IEMRAdminUserServiceImpl.java
+++ b/src/main/java/com/iemr/common/service/users/IEMRAdminUserServiceImpl.java
@@ -265,12 +265,28 @@ public List<User> userAuthenticate(String userName, String password) throws Exce
 				checkUserAccountStatus(user);
 				iEMRUserRepositoryCustom.save(user);
 			} else if (validatePassword == 0) {
-				if (user.getFailedAttempt() + 1 < failedAttempt) {
-					user.setFailedAttempt(user.getFailedAttempt() + 1);
+				int currentFailedAttempt =
+						user.getFailedAttempt() != null ? user.getFailedAttempt() : 0;
+
+				int newFailedAttempt = currentFailedAttempt + 1;
+				int remainingAttempts = failedAttempt - newFailedAttempt;
+				if (newFailedAttempt < failedAttempt) {
+
+					user.setFailedAttempt(newFailedAttempt);
 					user = iEMRUserRepositoryCustom.save(user);
+
 					logger.warn("User Password Wrong");
-					throw new IEMRException("Invalid username or password");
-				} else if (user.getFailedAttempt() + 1 >= failedAttempt) {
+
+					if (remainingAttempts == 1) {
+						throw new IEMRException(
+								"Invalid username or password. Remaining attempts: 1. "
+										+ "If you enter wrong username or password again, your account will be locked.");
+					}
+
+					throw new IEMRException(
+							"Invalid username or password. Remaining attempts: "
+									+ remainingAttempts);
+				}else if (user.getFailedAttempt() + 1 >= failedAttempt) {
 					user.setFailedAttempt(user.getFailedAttempt() + 1);
 					user.setDeleted(true);
 					user = iEMRUserRepositoryCustom.save(user);
@@ -278,14 +294,14 @@ public List<User> userAuthenticate(String userName, String password) throws Exce
 							ConfigProperties.getInteger("failedLoginAttempt"));
 
 					throw new IEMRException(
-							"Invalid username or password. Please contact administrator.");
+							"Your account has been locked due to multiple failed login attempts. Please contact administrator.");
 				} else {
 					user.setFailedAttempt(user.getFailedAttempt() + 1);
 					user = iEMRUserRepositoryCustom.save(user);
 					logger.warn("Failed login attempt {} of {} for a user account.",
 							user.getFailedAttempt(), ConfigProperties.getInteger("failedLoginAttempt"));
 					throw new IEMRException(
-							"Invalid username or password. Please contact administrator.");
+							"Your account has been locked due to multiple failed login attempts. Please contact administrator.");
 				}
 			} else {
 				checkUserAccountStatus(user);