Merge remote-tracking branch 'origin/support/3.0' into develop

# Conflicts:
#	application/loginwebpage.class.inc.php
#	composer.json
#	lib/composer/installed.json
#	lib/guzzlehttp/psr7/.github/workflows/ci.yml
#	lib/guzzlehttp/psr7/.github/workflows/integration.yml
#	lib/guzzlehttp/psr7/.github/workflows/static.yml
#	lib/guzzlehttp/psr7/CHANGELOG.md
#	lib/guzzlehttp/psr7/composer.json
#	lib/guzzlehttp/psr7/src/MessageTrait.php
#	tests/php-unit-tests/ItopDataTestCase.php

webservices/rest.php

@@ -95,10 +95,12 @@ try
         
 	$oKPI->ComputeAndReport('Data model loaded');
 
-	$iRet = LoginWebPage::DoLogin(false, false, LoginWebPage::EXIT_RETURN); // Starting with iTop 2.2.0 portal users are no longer allowed to access the REST/JSON API
-        $oKPI->ComputeAndReport('User login');
-        
-        if ($iRet == LoginWebPage::EXIT_CODE_OK)
+    // N°6358 - force credentials for REST calls
+    LoginWebPage::ResetSession(true);
+	$iRet = LoginWebPage::DoLogin(false, false, LoginWebPage::EXIT_RETURN);
+    $oKPI->ComputeAndReport('User login');
+
+    if ($iRet == LoginWebPage::EXIT_CODE_OK)
 	{
 		// Extra validation of the profile
 		if ((MetaModel::GetConfig()->Get('secure_rest_services') == true) && !UserRights::HasProfile('REST Services User'))
@@ -109,7 +111,7 @@ try
 	}
 	if ($iRet != LoginWebPage::EXIT_CODE_OK)
 	{
-		switch($iRet)
+        switch($iRet)
 		{
 			case LoginWebPage::EXIT_CODE_MISSINGLOGIN:
 			throw new Exception("Missing parameter 'auth_user'", RestResult::MISSING_AUTH_USER);