Merge pull request from GHSA-7h8m-vrxx-vr4m

* fix: handle locking policy correctly for multiple simultaneous password checks

* recheck events

internal/command/user_human_password_model.go

@@ -65,8 +65,13 @@ func (wm *HumanPasswordWriteModel) Reduce() error {
 			wm.PasswordCheckFailedCount += 1
 		case *user.HumanPasswordCheckSucceededEvent:
 			wm.PasswordCheckFailedCount = 0
+		case *user.UserLockedEvent:
+			wm.UserState = domain.UserStateLocked
 		case *user.UserUnlockedEvent:
 			wm.PasswordCheckFailedCount = 0
+			if wm.UserState != domain.UserStateDeleted {
+				wm.UserState = domain.UserStateActive
+			}
 		case *user.UserRemovedEvent:
 			wm.UserState = domain.UserStateDeleted
 		case *user.HumanPasswordHashUpdatedEvent:
@@ -92,6 +97,7 @@ func (wm *HumanPasswordWriteModel) Query() *eventstore.SearchQueryBuilder {
 			user.HumanPasswordCheckSucceededType,
 			user.HumanPasswordHashUpdatedType,
 			user.UserRemovedType,
+			user.UserLockedType,
 			user.UserUnlockedType,
 			user.UserV1AddedType,
 			user.UserV1RegisteredType,
@@ -108,5 +114,8 @@ func (wm *HumanPasswordWriteModel) Query() *eventstore.SearchQueryBuilder {
 	if wm.ResourceOwner != "" {
 		query.ResourceOwner(wm.ResourceOwner)
 	}
+	if wm.WriteModel.ProcessedSequence != 0 {
+		query.SequenceGreater(wm.WriteModel.ProcessedSequence)
+	}
 	return query
 }