Unless I missed something, the solution should be really simple; just make a normal form with a text field and a password field. When the HTTP request method is POST, try to fetch the user with the given e-mail address. If such a user doesn't exist, you have an error. If the user does exist, try to authenticate the user and log her in.
