def login(context, request): """Display a login prompt.""" if request.method != 'POST': return {'error': ''} if 'username' not in request.params: return {'error': 'Username is required.'} if 'password' not in request.params: return {'error': 'Password is required.'} username = request.params['username'] password = request.params['password'] users = User.view('pyramid/user_list', key=username) if len(users) == 0: return {'error': 'User not found.'} if not users.first().authenticate(password): return {'error': 'Bad password.'} headers = remember(request, username) redirect = '%s/auth/postlogin' % request.application_url return HTTPFound(location=redirect, headers=headers)