When doing the authentication of a user and when no password is provided, SQ should:
- consider that the login is actually a token
- search is such a token exists for a given user
- and if it does, authenticate the corresponding user
Note that in such case, the permissions of the user for this session must be restricted (see
SONAR-7044). This means that we have to keep this information somewhere in the session.