Fedora

------

Re-add the old jsonfasprovider and jsonfasvisit plugins until we get everything
ported over to CSRF protection. To use the new providers, change your app.cfg::

-visit.manager="jsonfas"
-identity.provider="jsonfas"
+visit.manager="jsonfas2"
+identity.provider="jsonfas2"

------

------

CSRF
====
CSRF is a vulnerability that can allow malicious web sites to execute server
methods on behalf of an authenticated user. This update has some methods to
help deal with that:

* Added helpers for enabling CSRF protection to services. For information on
adding support to your app, read doc/CSRF.rst or the html version:
https://fedorahosted.org/releases/p/y/python-fedora/doc/CSRF.html
* Update client code to use CSRF tokens when needed.

Other Feature Changes
=====================
* Add Django Authentication provider.
* Undeprecate AccountSystem.people_by_id() for now -- we need a fas server
update before we can use people_by_key().
* Correct loggers to show messages originate from jsonfasprovider and
jsonfasvisit.
* Add parameter to client classes to allow not checking server certificates.
This is **only** intended for use when running test servers with bad certs.

Bugfixes
========
* python-2.4 compatibility fix when an http error is received in ProxyClient
* Fix fedora.client.ServerError to print information about the error in the
traceback.

-------
* Fix to the mediawiki client for python-2.4 compatibility.

-----

-----
* Minor fix for traceback when the session file is unreadable.
* Fix so that ProxyClient follows redirects.
* Fix a bug where fas2.py::AccountSystem::verify_password() always returns
True.
* Add task to publish documentation to the website. Publish documentation to
the website at: https://fedorahosted.org/releases/p/y/python-fedora/doc/

-----

-----
* Port the client module to use pycurl instead of urllib2. This prepares the
way for SSL authentication and fixes a problem with https proxying.
* Fix bug in BodhiClient.testable()
* Update proxyclient to accept either 403 or 401 as http status codes raising
AuthErrors.
* New client.fas2.AccountSystem methods to make fasClient more efficient:
- group_data(): returns mapping group names to group type and the userids of
the administrator, sponsors, and users of the group.
- user_data(): returns mapping of userids to a username, password hash,
SSH pub key, email address, and status.
* Fix AppError exception on python-2.4

-----

-----
* Update to bugzilla email addresses.
* Add documentation for working with translations.
* add username argument for BodhiClient.
* Update PackageDB.clone_branch() command for new server method.
* Allow exceptions passed back by the server to contain extra information.
* New fedora.tg.util.json_or_redirect() decorator that allows server methods to
either return a dict per normal or redirect to another URL.

-----