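// Authenticates the posted credentials and, on success, issues a JWT to the client.
//
// Request:  LoginViewModel bound from the body; Email is used as the lookup name.
// Success:  200 with { role, name } and an HttpOnly "Authorization" cookie holding "Bearer <jwt>".
// Failure:  400 with a "login_error" entry in the returned ModelState.
//
// Security notes:
//  - An unknown account and a wrong password return the same body, so the response
//    content does not reveal which accounts exist.
//  - Roles are loaded only after the password has been verified, so unauthenticated
//    requests do not trigger the role lookup.
public async Task<IActionResult> Login([FromBody] LoginViewModel model)
        {
            // A missing or unparseable body may leave model null; reject it here instead of
            // dereferencing it below.
            if (model == null || !ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            User user = await _userManager.FindByNameAsync(model.Email);

            if (user == null)
            {
                // Same message and response shape as the wrong-password branch below.
                // NOTE(review): response time can still differ from the known-account path,
                // because no password check runs for an unknown account.
                ModelState.AddModelError("login_error", "Incorrect username/password");
                return BadRequest(ModelState);
            }

            // NOTE(review): the third argument (lockoutOnFailure) is false, so failed attempts
            // made through this endpoint are not counted toward account lockout. Confirm that
            // throttling is enforced elsewhere, or pass true.
            var result = await _signInManager.CheckPasswordSignInAsync(user, model.Password, false);

            if (!result.Succeeded)
            {
                // NOTE(review): the first two messages tell the caller that the account exists
                // and what state it is in; confirm they are decided only after the password
                // has been checked, or fold them into the generic message.
                if (result.IsLockedOut)
                {
                    ModelState.AddModelError("login_error", "Account is locked out");
                }
                else if (result.IsNotAllowed)
                {
                    ModelState.AddModelError("login_error", "Account access is not allowed");
                }
                else
                {
                    ModelState.AddModelError("login_error", "Incorrect username/password");
                }

                return BadRequest(ModelState);
            }

            // Password verified: build the role claims that go into the token.
            var roles = await _userManager.GetRolesAsync(user);
            var claims = new List<Claim>();

            foreach (string role in roles)
            {
                claims.Add(new Claim(ClaimTypes.Role, role));
            }

            var jwt = await _jwtManager.GenerateJwtStringAsync(model.Email, claims);

            if (jwt == null)
            {
                ModelState.AddModelError("login_error", "authentication error");
                return BadRequest(ModelState);
            }

            // Return the token in a cookie that script cannot read. Secure is set whenever the
            // request arrived over HTTPS so the token is not replayed over plain HTTP.
            // NOTE(review): a cookie-borne token is attached automatically by the browser, so
            // state-changing endpoints need CSRF protection; SameSite is left at the framework
            // default here and should be set explicitly once the client origin is known.
            HttpContext.Response.Cookies.Append("Authorization", "Bearer " + jwt, new CookieOptions
            {
                HttpOnly = true,
                Secure = HttpContext.Request.IsHttps
            });

            // The display name is a fixed placeholder; only the admin/user distinction is derived
            // from the account's roles.
            return Ok(new
            {
                role = roles.Contains("admin") ? "admin" : "user",
                name = "user"
            });
        }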