* A user's password can be verified by POSTing to .../user/<id>/login. The data must contain a single parameter `cleartext_password` and if this matches, a 204 (No Content) will be returned, otherwise a 403 (Forbidden) is returned. (LP: #1065447)
Also: * Clean up the users.rst REST page so that it reads as better documentation. Move some tests into the unittests. * Fix (with a new test), the handling of ExistingAddressError when creating new users via REST. * Fix (with a new test), the crashing when .../users/<id>/addresses is referenced on a non-existing user. * Add hex_md5 as a deprecated passlib hash scheme for the test suite. This allows us to test hash migration by creating an initial has as hex_md5 (another crappy hash), and watching verified passwords get migrated to roundup_plaintext (and even crappier hash ;).