WebUserServive don't expose pw and apitoken to ui

Author: fnkbsi

src/main/java/de/rwth/idsg/steve/service/WebUserService.java

@@ -195,8 +195,8 @@ public WebUserForm getDetails(Integer webUserPk) {
 
         form.setEnabled(ur.getEnabled());
         form.setWebUsername(ur.getUsername());
-        form.setPassword(ur.getPassword());
-        form.setApiToken(ur.getApiToken());
+        form.setPassword(""); // don't expose the pw 
+        form.setApiToken(""); // ur.getApiToken()
         form.setAuthorities(rolesStr(fromJson(ur.getAuthorities())));
 
         return form;