Merge pull request #1655 from ConductionNL/fix/login-response

Let's not show api-keys in the login api-call response

api/src/Controller/UserController.php

@@ -275,14 +275,17 @@ private function cleanupLoginResponse(array $userArray): array
         if (isset($userArray['organization']['users']) === true) {
             unset($userArray['organization']['users']);
         }
+
         if (isset($userArray['organization']['applications']) === true) {
             foreach ($userArray['organization']['applications'] as &$application) {
-                unset($application['organization']);
+                unset($application['secret'], $application['organization']);
             }
         }
+
         foreach ($userArray['applications'] as &$application) {
-            unset($application['organization']);
+            unset($application['secret'], $application['organization']);
         }
+
         foreach ($userArray['securityGroups'] as &$securityGroup) {
             unset($securityGroup['users']);
             unset($securityGroup['parent']);