I, too, can confirm a "login portlet" bug. Here, the portlet behaves slightly different (I am using a several months old "core-buildout" Plone installation which likely corresponds to some Plone 5.2 beta version). An initial analysis revealed that the "login portlet" uses
login_form as form action. This action successfully verifies the login parameters (that's why we see the toolbar) but for some still unknown reason does not set the session cookie (that's why the next request is again unauthenticated) and does not perform the redirect but instead redisplays the login form.
I will continue the analysis and report back. But, you could already file a bug report.