diff --git a/src/main/scala/org/yobble/scala_monolith/models/User.scala b/src/main/scala/org/yobble/scala_monolith/models/User.scala
index 46faafd..de853fa 100644
--- a/src/main/scala/org/yobble/scala_monolith/models/User.scala
+++ b/src/main/scala/org/yobble/scala_monolith/models/User.scala
@@ -4,7 +4,7 @@ import doobie.Read
 import doobie.util.meta.Meta
 import java.util.UUID
-case class User(id: UUID, login: String, passwordHash: String) derives Read
+case class User(id: UUID, login: String, passwordHash: String, isBlocked: Boolean, isDeleted: Boolean) derives Read
 object User {
 implicit val uuidMeta: Meta[UUID] = Meta[String].timap(UUID.fromString)(_.toString)
diff --git a/src/main/scala/org/yobble/scala_monolith/repository/UserRepository.scala b/src/main/scala/org/yobble/scala_monolith/repository/UserRepository.scala
index 28a8906..fa24d4d 100644
--- a/src/main/scala/org/yobble/scala_monolith/repository/UserRepository.scala
+++ b/src/main/scala/org/yobble/scala_monolith/repository/UserRepository.scala
@@ -12,7 +12,7 @@ trait UserRepository {
 class UserRepositoryImpl(transactor: Transactor[IO]) extends UserRepository {
 override def findByLogin(login: String): IO[Option[User]] = {
- sql"SELECT id, login, password_hash as passwordHash FROM users WHERE login = $login"
+ sql"SELECT id, login, password_hash as passwordHash, is_blocked as isBlocked, is_deleted as isDeleted FROM users WHERE login = $login"
 .query[User]
 .option
 .transact(transactor)
diff --git a/src/main/scala/org/yobble/scala_monolith/service/AuthService.scala b/src/main/scala/org/yobble/scala_monolith/service/AuthService.scala
index 25cae55..8fa8142 100644
--- a/src/main/scala/org/yobble/scala_monolith/service/AuthService.scala
+++ b/src/main/scala/org/yobble/scala_monolith/service/AuthService.scala
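Review bot: The added `is_blocked as isBlocked, is_deleted as isDeleted` columns in `findByLogin` are read by `.query[User]` by position, not by alias, so the SELECT order has to stay in step with the field order of `User`. A later reorder that swaps the two Boolean flags would still compile and would silently mislabel account state, so a comment above the query such as `// column order must match the fields of User; doobie reads by position` is worth adding. If either column can be NULL in the schema (not visible here), decoding into a plain `Boolean` will fail at runtime, so presumably both are NOT NULL with a default; that should be confirmed against the migration. The body of `findByLogin` closes outside the hunk.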
@@ -8,11 +8,17 @@ class AuthService(userRepository: UserRepository) {
 def login(request: LoginRequest): IO[Either[String, LoginResponse]] = {
 userRepository.findByLogin(request.login).map {
- case Some(user) if user.passwordHash == request.password =>
+ case Some(user) if user.passwordHash != request.password =>
+ Left("Invalid login or password")
+ case Some(user) if user.isBlocked =>
+ Left("User account is disabled")
+ case Some(user) if user.isDeleted =>
+ Left("User account is deleted")
+ case Some(user) =>
 // TODO: Implement proper password hashing (e.g., with bcrypt)
 // TODO: Implement real token generation
 Right(LoginResponse(accessToken = "fake-access-token", refreshToken = "fake-refresh-token"))
- case _ =>
+ case None =>
 Left("Invalid login or password")
 }
 }
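Review bot: The first guard, `user.passwordHash != request.password`, still compares the stored value with the raw request password using plain string inequality, and the hashing TODO now sits in the success branch, away from the comparison it describes. I would move that TODO up to the guard and, once hashing lands, replace the guard with the hashing library's verify call, which should also make the comparison constant-time. The distinct "disabled" and "deleted" messages are only safe because the password guard is matched first. If the cases are reordered, a caller without the password could learn that a login exists and what state it is in, so a comment above the first case such as `// keep the password check first: account-status messages must only reach callers who proved the password` would pin that ordering.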