def login(context, request):
"""Display a login prompt."""
if request.method != 'POST':
return {'error': ''}
if 'username' not in request.params:
return {'error': 'Username is required.'}
if 'password' not in request.params:
return {'error': 'Password is required.'}
username = request.params['username']
password = request.params['password']
users = User.view('pyramid/user_list', key=username)
if len(users) == 0:
return {'error': 'User not found.'}
if not users.first().authenticate(password):
return {'error': 'Bad password.'}
headers = remember(request, username)
redirect = '%s/auth/postlogin' % request.application_url
return HTTPFound(location=redirect, headers=headers)
