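/// <summary>
/// Authenticates a user by username or e-mail address and, on success, issues a JWT.
/// </summary>
/// <param name="user">
/// Credentials sent by the client. <c>Username</c> may hold either the username or the
/// e-mail address; <c>Password</c> is the password supplied for this attempt.
/// </param>
/// <returns>
/// 400 when the request body or either credential is missing, 404 when no account
/// matches the identifier, 200 with a <c>Token</c> property when the password matches,
/// and 401 otherwise.
/// </returns>
public IActionResult Login(User user)
{
    if (user == null)
    {
        return BadRequest("Invalid client request");
    }

    // Reject missing credentials before touching the database. A null identifier would
    // otherwise be compared against Username/Email in the query and could select an
    // account whose Email is null, and a null password would reach the hash service.
    if (string.IsNullOrEmpty(user.Username) || string.IsNullOrEmpty(user.Password))
    {
        return BadRequest("Invalid client request");
    }

    // Username can hold username or email on the client side.
    string usernameOrEmail = user.Username;

    User userFromDatabase = _context.Users
        .FirstOrDefault(u => u.Username == usernameOrEmail || u.Email == usernameOrEmail);

    if (userFromDatabase == null)
    {
        // NOTE(review): 404 here versus 401 for a wrong password tells the caller whether
        // an account exists for the identifier, and this path also skips the password
        // hash, so it answers faster. Consider returning Unauthorized() for both cases
        // and doing equivalent hashing work; left as-is because existing clients may
        // depend on the status code.
        return NotFound();
    }

    // presumably (stored hash, supplied password) - confirm against the hash service.
    bool areMatchingPasswords =
        _hashService.AreMatchingPasswords(userFromDatabase.Password, user.Password);

    if (!areMatchingPasswords)
    {
        // NOTE(review): no attempt throttling or lockout is visible in this method;
        // confirm it is enforced elsewhere (middleware, gateway).
        return Unauthorized();
    }

    string token = _createJwtQuery.Execute(userFromDatabase);
    return Ok(new { Token = token });
}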