Ejemplo n.º 1
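        /// <summary>
        /// Authenticates a user by username or e-mail plus password and returns a JWT on success.
        /// </summary>
        /// <param name="user">
        /// Credentials sent by the client; <c>Username</c> may carry either the username or the e-mail address.
        /// </param>
        /// <returns>
        /// 400 when the request body or a credential is missing, 401 when the credentials do not
        /// match an account, and 200 with <c>{ Token = ... }</c> when they do.
        /// </returns>
        public IActionResult Login(User user)
        {
            // Reject missing credentials up front. A null or blank identifier would otherwise be
            // compared against the Username/Email columns in the lookup below.
            if (user == null || string.IsNullOrWhiteSpace(user.Username) || user.Password == null)
            {
                return BadRequest("Invalid client request");
            }

            // Username can hold username or email on the client side.
            string usernameOrEmail = user.Username;

            // NOTE(review): if one account's username can equal another account's e-mail, the first
            // match wins here; confirm uniqueness is enforced across both columns.
            User userFromDatabase = _context.Users
                .FirstOrDefault(u => u.Username == usernameOrEmail || u.Email == usernameOrEmail);

            if (userFromDatabase == null)
            {
                // Same status as a wrong password, so the response does not reveal whether an
                // account exists for the supplied identifier (the original returned 404 here).
                // NOTE(review): this path skips the hash comparison, so response time can still
                // differ from the wrong-password path; consider equalizing it in the hash service.
                return Unauthorized();
            }

            // presumably userFromDatabase.Password is the stored hash; verify against _hashService
            bool areMatchingPasswords = _hashService.AreMatchingPasswords(userFromDatabase.Password, user.Password);

            if (!areMatchingPasswords)
            {
                // NOTE(review): no attempt throttling or lockout is visible in this method;
                // confirm it is enforced elsewhere (middleware, gateway).
                return Unauthorized();
            }

            string token = _createJwtQuery.Execute(userFromDatabase);
            return Ok(new { Token = token });
        }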