Init and refresh the php session each page load (#9186)

LibreNMS/Authentication/LegacyAuth.php

@@ -2,6 +2,7 @@
 
 namespace LibreNMS\Authentication;
 
+use Auth;
 use LibreNMS\Config;
 use LibreNMS\Interfaces\Authentication\Authorizer;
 
@@ -98,4 +99,26 @@ class LegacyAuth
             session_write_close();
         }
     }
+
+    public static function setUpLegacySession()
+    {
+        if (Auth::check()) {
+            $user = Auth::user();
+
+            @session_start();
+            $_SESSION['username'] = $user->username;
+
+            // set up legacy variables, but don't override existing ones (ad anonymous bind can only get user_id at login)
+            if (!isset($_SESSION['userlevel'])) {
+                $_SESSION['userlevel'] = $user->level;
+            }
+
+            if (!isset($_SESSION['user_id'])) {
+                $_SESSION['user_id'] = $user->user_id;
+            }
+
+            $_SESSION['authenticated'] = true;
+            session_write_close();
+        }
+    }
 }

app/Http/Kernel.php

@@ -35,6 +35,7 @@ class Kernel extends HttpKernel
             \Illuminate\View\Middleware\ShareErrorsFromSession::class,
             \App\Http\Middleware\VerifyCsrfToken::class,
             \App\Http\Middleware\LegacyExternalAuth::class,
+            \App\Http\Middleware\LegacySession::class,
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
         ],
 

app/Http/Middleware/LegacySession.php

@@ -0,0 +1,46 @@
+<?php
+/**
+ * LegacySession.php
+ *
+ * -Description-
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @package    LibreNMS
+ * @link       http://librenms.org
+ * @copyright  2018 Tony Murray
+ * @author     Tony Murray <murraytony@gmail.com>
+ */
+
+namespace App\Http\Middleware;
+
+use Closure;
+use LibreNMS\Authentication\LegacyAuth;
+
+class LegacySession
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        LegacyAuth::setUpLegacySession();
+
+        return $next($request);
+    }
+}

app/Listeners/AuthEventListener.php

@@ -8,6 +8,7 @@ use App\Models\User;
 use DB;
 use Illuminate\Auth\Events\Login;
 use Illuminate\Auth\Events\Logout;
+use LibreNMS\Authentication\LegacyAuth;
 use Request;
 use Session;
 use Toastr;
@@ -40,20 +41,7 @@ class AuthEventListener
         Toastr::info('Welcome ' . ($user->realname ?: $user->username));
 
         // Authenticated, set up legacy session stuff.  TODO Remove once ajax and graphs are ported to Laravel.
-        session_start();
-        $_SESSION['username'] = $user->username;
-
-        // set up legacy variables, but don't override existing ones (ad anonymous bind can only get user_id at login)
-        if (!isset($_SESSION['userlevel'])) {
-            $_SESSION['userlevel'] = $user->level;
-        }
-
-        if (!isset($_SESSION['user_id'])) {
-            $_SESSION['user_id'] = $user->user_id;
-        }
-
-        $_SESSION['authenticated'] = true;
-        session_write_close();
+        LegacyAuth::setUpLegacySession();
     }
 
     /**