Added few missing code and changes.

Author: Adit Sheth

src/Identity/Extensions.Core/src/LockoutOptions.cs

@@ -37,5 +37,5 @@ public class LockoutOptions
     /// Specifies whether the lockout should be permanent.
     /// If true, the user will be locked out indefinitely.
     /// </summary>
-    public bool PermanentLockout { get; set; } = false;
+    public bool PermanentLockout { get; set; }
 }

src/Identity/Extensions.Core/src/PublicAPI.Shipped.txt

@@ -184,6 +184,8 @@ Microsoft.AspNetCore.Identity.LockoutOptions.AllowedForNewUsers.get -> bool
 Microsoft.AspNetCore.Identity.LockoutOptions.AllowedForNewUsers.set -> void
 Microsoft.AspNetCore.Identity.LockoutOptions.DefaultLockoutTimeSpan.get -> System.TimeSpan
 Microsoft.AspNetCore.Identity.LockoutOptions.DefaultLockoutTimeSpan.set -> void
+Microsoft.AspNetCore.Identity.LockoutOptions.PermanentLockout.get -> bool
+Microsoft.AspNetCore.Identity.LockoutOptions.PermanentLockout.set -> void
 Microsoft.AspNetCore.Identity.LockoutOptions.LockoutOptions() -> void
 Microsoft.AspNetCore.Identity.LockoutOptions.MaxFailedAccessAttempts.get -> int
 Microsoft.AspNetCore.Identity.LockoutOptions.MaxFailedAccessAttempts.set -> void

src/Identity/Extensions.Core/src/UserManager.cs

@@ -1812,39 +1812,39 @@ public virtual async Task<IdentityResult> SetLockoutEndDateAsync(TUser user, Dat
     /// </summary>
     /// <param name="user">The user whose failed access count to increment.</param>
     /// <returns>The <see cref="Task"/> that represents the asynchronous operation, containing the <see cref="IdentityResult"/> of the operation.</returns>
-public virtual async Task<IdentityResult> AccessFailedAsync(TUser user)
-{
-    ThrowIfDisposed();
-    var store = GetUserLockoutStore();
-    ArgumentNullThrowHelper.ThrowIfNull(user);
-
-// If this puts the user over the threshold for lockout, lock them out and reset the access failed count
-    var count = await store.IncrementAccessFailedCountAsync(user, CancellationToken).ConfigureAwait(false);
-    if (count < Options.Lockout.MaxFailedAccessAttempts)
+    public virtual async Task<IdentityResult> AccessFailedAsync(TUser user)
     {
-        return await UpdateUserAsync(user).ConfigureAwait(false);
-    }
-    Logger.LogDebug(LoggerEventIds.UserLockedOut, "User is locked out.");
+        ThrowIfDisposed();
+        var store = GetUserLockoutStore();
+        ArgumentNullThrowHelper.ThrowIfNull(user);
 
-    // Prevent overflow when setting lockout end date
-    var now = DateTimeOffset.UtcNow;
-    DateTimeOffset lockoutEnd;
+        // If PermanentLockout is enabled, lock the user indefinitely
+        if (Options.Lockout.PermanentLockout)
+        {
+            Logger.LogDebug(LoggerEventIds.UserLockedOut, "User is permanently locked out.");
+            await store.SetLockoutEndDateAsync(user, DateTimeOffset.MaxValue, CancellationToken).ConfigureAwait(false);
+            return await UpdateUserAsync(user).ConfigureAwait(false);
+        }
 
-    if (Options.Lockout.DefaultLockoutTimeSpan == TimeSpan.MaxValue)
-    {
-        lockoutEnd = DateTimeOffset.MaxValue;
-    }
-    else
-    {
-        lockoutEnd = now > (DateTimeOffset.MaxValue - Options.Lockout.DefaultLockoutTimeSpan)
+        // Increment access failed count
+        var count = await store.IncrementAccessFailedCountAsync(user, CancellationToken).ConfigureAwait(false);
+        if (count < Options.Lockout.MaxFailedAccessAttempts)
+        {
+            return await UpdateUserAsync(user).ConfigureAwait(false);
+        }
+
+        Logger.LogDebug(LoggerEventIds.UserLockedOut, "User is locked out.");
+
+        // Set the lockout time based on configuration
+        var now = DateTimeOffset.UtcNow;
+        DateTimeOffset lockoutEnd = Options.Lockout.DefaultLockoutTimeSpan == TimeSpan.MaxValue
             ? DateTimeOffset.MaxValue
             : now.Add(Options.Lockout.DefaultLockoutTimeSpan);
-    }
 
-    await store.SetLockoutEndDateAsync(user, lockoutEnd, CancellationToken).ConfigureAwait(false);
-    await store.ResetAccessFailedCountAsync(user, CancellationToken).ConfigureAwait(false);
-    return await UpdateUserAsync(user).ConfigureAwait(false);
-}
+        await store.SetLockoutEndDateAsync(user, lockoutEnd, CancellationToken).ConfigureAwait(false);
+        await store.ResetAccessFailedCountAsync(user, CancellationToken).ConfigureAwait(false);
+        return await UpdateUserAsync(user).ConfigureAwait(false);
+    }
 
     /// <summary>
     /// Resets the access failed count for the specified <paramref name="user"/>.

src/Identity/test/Identity.Test/UserManagerTest.cs

@@ -1013,13 +1013,18 @@ public async Task ResetTokenCallNoopForTokenValueZero()
     }
 
     [Fact]
-    public async Task AccessFailedAsync_IncrementsAccessFailedCount()
+    public async Task AccessFailedAsyncIncrementsAccessFailedCount()
     {
         // Arrange
         var user = new PocoUser() { UserName = "testuser" };
         var store = new Mock<IUserLockoutStore<PocoUser>>();
-        store.Setup(x => x.GetAccessFailedCountAsync(user, It.IsAny<CancellationToken>())).ReturnsAsync(1);
-        store.Setup(x => x.IncrementAccessFailedCountAsync(user, It.IsAny<CancellationToken>())).ReturnsAsync(2);
+        int failedCount = 1; // Simulated access failed count
+
+        store.Setup(x => x.GetAccessFailedCountAsync(user, It.IsAny<CancellationToken>()))
+             .ReturnsAsync(() => failedCount); // Return the updated value dynamically
+
+        store.Setup(x => x.IncrementAccessFailedCountAsync(user, It.IsAny<CancellationToken>()))
+             .ReturnsAsync(() => ++failedCount); // Increment and return the new count
 
         var manager = MockHelpers.TestUserManager(store.Object);
 
@@ -1029,8 +1034,9 @@ public async Task AccessFailedAsync_IncrementsAccessFailedCount()
         // Assert
         IdentityResultAssert.IsSuccess(result);
         store.Verify(x => x.IncrementAccessFailedCountAsync(user, It.IsAny<CancellationToken>()), Times.Once);
-        var failedCount = await manager.GetAccessFailedCountAsync(user);
-        Assert.Equal(2, failedCount);
+
+        var newFailedCount = await manager.GetAccessFailedCountAsync(user);
+        Assert.Equal(2, newFailedCount); // Ensure the count was actually updated
     }
 
     [Fact]