-
Committer:
Barry Warsaw
-
Date:
2012-12-26 23:57:33 UTC
-
mfrom:
(7191.1.4 lp1065447)
-
Revision ID:
barry@list.org-20121226235733-1bccgsjdgmijeqw0
* A user's password can be verified by POSTing to .../user/<id>/login. The
data must contain a single parameter `cleartext_password` and if this
matches, a 204 (No Content) will be returned, otherwise a 403 (Forbidden)
is returned. (LP: #1065447)
Also:
* Clean up the users.rst REST page so that it reads as better documentation.
Move some tests into the unittests.
* Fix (with a new test), the handling of ExistingAddressError when creating
new users via REST.
* Fix (with a new test), the crashing when .../users/<id>/addresses is
referenced on a non-existing user.
* Add hex_md5 as a deprecated passlib hash scheme for the test suite. This
allows us to test hash migration by creating an initial has as hex_md5
(another crappy hash), and watching verified passwords get migrated to
roundup_plaintext (and even crappier hash ;).