public ProfileAuthenticationResponseDto Authenticate(ProfileAuthenticationRequestDto profileFromUi) { // Validating parameters var invalidParams = new List <string>(); if (!IsValidEmail(profileFromUi.Email)) // TODO: Do I need email validation on login? { invalidParams.Add(nameof(profileFromUi.Email)); } if (invalidParams.Any()) { throw new ValidationException(invalidParams); } var profileFromDb = _profileRepository.GetProfileByEmail(profileFromUi.Email); if (profileFromDb == null) { throw new AuthenticationException(); } if (profileFromDb.LockDate.HasValue && profileFromDb.LockDate.Value < DateTime.Now.AddDays(1))// TODO: Magic number { throw new DomainModelException("Account locked"); } if (!VerifyPasswordHash(profileFromUi.Password, profileFromDb.PasswordHash, profileFromDb.PasswordSalt)) { _profileRepository.AddAttempt(profileFromDb.Email); if (profileFromDb.IncorrectAttempts >= 5)// TODO: Magic number { _profileRepository.LockProfile(profileFromDb.Email); throw new DomainModelException("Account locked"); } throw new AuthenticationException(); } // Generating response var responseProfile = new ProfileAuthenticationResponseDto { Email = profileFromDb.Email }; var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_appSettings.Secret); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new [] { new Claim(ClaimTypes.Name, profileFromDb.Id.ToString()), }), Expires = DateTime.UtcNow.AddDays(7), SigningCredentials = new SigningCredentials ( new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature ) }; var token = tokenHandler.CreateToken(tokenDescriptor); responseProfile.Token = tokenHandler.WriteToken(token); return(responseProfile); }