Permit to show $_password in REST session server (#1799)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm

@@ -201,8 +201,8 @@ sub delete2F {
     return $self->sendJSONresponse( $req, { result => 1 } );
 }
 
-sub session {
-    my ( $self, $req, $id, $skey ) = @_;
+sub _session {
+    my ( $self, $raw, $req, $id, $skey ) = @_;
     my ( %h, $res );
     return $self->sendError( $req, 'Bad request', 400 ) unless ($id);
     my $mod = $self->getMod($req)
@@ -214,11 +214,13 @@ sub session {
 
     my %session = %{ $apacheSession->data };
 
-    foreach my $k ( keys %session ) {
-        $session{$k} = '**********'
-          if ( $self->hAttr =~ /\b$k\b/ );
-        $session{$k} = [ split /$self->separator/o, $session{$k} ]
-          if ( $session{$k} =~ /$self->separator/o );
+    unless ($raw) {
+        foreach my $k ( keys %session ) {
+            $session{$k} = '**********'
+              if ( $self->hAttr =~ /\b$k\b/ );
+            $session{$k} = [ split /$self->separator/o, $session{$k} ]
+              if ( $session{$k} =~ /$self->separator/o );
+        }
     }
 
     if ($skey) {
@@ -237,6 +239,16 @@ sub session {
     # TODO: check for utf-8 problems
 }
 
+sub session {
+    my $self = shift;
+    return $self->_session( 0, @_ );
+}
+
+sub rawSession {
+    my $self = shift;
+    return $self->_session( 1, @_ );
+}
+
 sub getApacheSession {
     my ( $self, $mod, $id, $info, $force ) = @_;
     my $apacheSession = Lemonldap::NG::Common::Session->new( {

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm

@@ -134,7 +134,7 @@ sub init {
 
         # Methods inherited from Lemonldap::NG::Common::Session::REST
         $self->addUnauthRoute(
-            sessions => { ':sessionType' => 'session' },
+            sessions => { ':sessionType' => 'rawSession' },
             ['GET']
         );
         $self->addUnauthRoute(