A colleague of mine wanted to write a small desktop
time-registration program for use with our (new and
shiny!) project management Roundup tracker. Our tracker
is available over the internet for those that work at
home, so we disallow all viewing by anonymous users.

Unfortunately this means his program will also have to
authenticate. He obivously doesn't want to bother with
cookies for such a program. I found that Roundup only
supported HTTP Basic Authentication done by a front-end
Apache server. While we done run Apache in front of
Roundup, that's not where we do authentication. We
probably should, some day, but it was easier to
implement HTTP Basic Authentication in Roundup for now. 

I did a small bit of refactoring to avoid duplicating
code already in LoginAction. Before refactoring, I
wrote some tests for the LoginAction, so if you decide
you don't want to accept this whole patch, you should
probably apply the tests anyway.

BTW: I also came across a catch clause for Unauthorised
in roundup_server, but I don't think any Unauthorised
exceptions will ever come there. A remnant of the HTTP
Basic Authentication Roundup used long ago?