/// <summary>
/// Validates a username/password pair and, on success, issues a JWT and
/// registers a session for the user.
/// </summary>
/// <param name="request">Login request carrying <c>Username</c> and <c>Password</c>.</param>
/// <returns>
/// An <see cref="AuthenticatedResponse"/> holding the JWT and the mapped user, or
/// <c>null</c> when a credential is missing, the username is unknown, or the
/// password does not verify. All three failures return the same value, so the
/// result does not tell the caller which check failed.
/// </returns>
public AuthenticatedResponse Authenticate(AuthenticateRequest request)
{
    var suppliedName = request.Username;
    var suppliedPassword = request.Password;

    // Both credentials must be present before any lookup is attempted.
    var credentialsMissing = string.IsNullOrEmpty(suppliedName) || string.IsNullOrEmpty(suppliedPassword);
    if (credentialsMissing)
    {
        return null;
    }

    // Unknown username. TODO: add exception
    // NOTE(review): this path returns before VerifyPasswordHash runs, so it likely
    // completes faster than a wrong-password attempt; that timing difference can
    // reveal which usernames exist. Confirm whether throttling or lockout is
    // applied upstream, and keep the caller's error message identical for every
    // null result.
    var account = _userops.GetByUsername(suppliedName);
    if (account == null)
    {
        return null;
    }

    // Check the supplied password against the stored hash and salt.
    var passwordMatches = VerifyPasswordHash(suppliedPassword, account.PasswordHash, account.PasswordSalt);
    if (!passwordMatches)
    {
        return null;
    }

    // Credentials verified: issue the token first, then build the response view of the user.
    var token = _tokenService.GenerateJWT(account);
    var profile = _mapper.Map<UserResponse>(account);

    // Record the session for this user/token pair (the original comment says it is stored in Redis).
    _userSessionService.CreateSession(account, token);

    return new AuthenticatedResponse
    {
        Jwt = token,
        User = profile
    };
}