Remove legacy auth usage of $_SESSION (librenms#10491)

* Remove auth use of $_SESSION

Will break plugins that depend on $_SESSION, Weathermap was already fixed.
Port them to use Auth::check()/Auth::user()/Auth:id()

* revert accidental replacement

LibreNMS/Alert/AlertUtil.php

@@ -26,7 +26,7 @@
 namespace LibreNMS\Alert;
 
 use App\Models\Device;
-use LibreNMS\Authentication\LegacyAuth;
+use App\Models\User;
 use LibreNMS\Config;
 use PHPMailer\PHPMailer\PHPMailer;
 
@@ -85,7 +85,7 @@ public static function getContacts($results)
             $email = Config::get('alert.default_mail', Config::get('alerts.email.default'));
             return $email ? [$email => ''] : [];
         }
-        $users = LegacyAuth::get()->getUserlist();
+        $users = User::query()->thisAuth()->get();
         $contacts = array();
         $uids = array();
         foreach ($results as $result) {
@@ -126,9 +126,6 @@ public static function getContacts($results)
             if (empty($user['realname'])) {
                 $user['realname'] = $user['username'];
             }
-            if (empty($user['level'])) {
-                $user['level'] = LegacyAuth::get()->getUserlevel($user['username']);
-            }
             if (Config::get('alert.globals') && ( $user['level'] >= 5 && $user['level'] < 10 )) {
                             $contacts[$user['email']] = $user['realname'];
             } elseif (Config::get('alert.admins') && $user['level'] == 10) {

LibreNMS/Authentication/LegacyAuth.php

@@ -74,50 +74,10 @@ public static function reset()
         return static::get();
     }
 
-    public static function check()
-    {
-        self::checkInitSession();
-        return isset($_SESSION['authenticated']) && $_SESSION['authenticated'];
-    }
-
-    public static function user()
-    {
-        self::checkInitSession();
-        return new UserProxy();
-    }
-
-    public static function id()
-    {
-        self::checkInitSession();
-        return isset($_SESSION['user_id']) ? $_SESSION['user_id'] : 0;
-    }
-
-    protected static function checkInitSession()
-    {
-        if (!isset($_SESSION)) {
-            @session_start();
-            session_write_close();
-        }
-    }
-
     public static function setUpLegacySession()
     {
-        if (Auth::check()) {
-            $user = Auth::user();
-
+        if (!isset($_SESSION)) {
             @session_start();
-            $_SESSION['username'] = $user->username;
-
-            // set up legacy variables, but don't override existing ones (ad anonymous bind can only get user_id at login)
-            if (!isset($_SESSION['userlevel'])) {
-                $_SESSION['userlevel'] = $user->level;
-            }
-
-            if (!isset($_SESSION['user_id'])) {
-                $_SESSION['user_id'] = $user->user_id;
-            }
-
-            $_SESSION['authenticated'] = true;
             session_write_close();
         }
     }

app/Listeners/AuthEventListener.php

@@ -6,7 +6,6 @@
 use DB;
 use Illuminate\Auth\Events\Login;
 use Illuminate\Auth\Events\Logout;
-use LibreNMS\Authentication\LegacyAuth;
 use Request;
 use Toastr;
 
@@ -36,9 +35,6 @@ public function login(Login $event)
         DB::table('authlog')->insert(['user' => $user->username ?: '', 'address' => Request::ip(), 'result' => 'Logged In']);
 
         Toastr::info('Welcome ' . ($user->realname ?: $user->username));
-
-        // Authenticated, set up legacy session stuff.  TODO Remove once ajax and graphs are ported to Laravel.
-        LegacyAuth::setUpLegacySession();
     }
 
     /**
@@ -53,9 +49,5 @@ public function logout(Logout $event)
         $user = $event->user ?: (object)['username' => 'Not found'];
 
         DB::table('authlog')->insert(['user' => $user->username ?: '', 'address' => Request::ip(), 'result' => 'Logged Out']);
-
-        @session_start();
-        unset($_SESSION['authenticated']);
-        session_destroy();
     }
 }

html/ajax_form.php

@@ -12,12 +12,10 @@
  * the source code distribution for details.
  */
 
-use LibreNMS\Authentication\LegacyAuth;
-
 $init_modules = array('web', 'auth', 'alerts');
 require realpath(__DIR__ . '/..') . '/includes/init.php';
 
-if (!LegacyAuth::check()) {
+if (!Auth::check()) {
     die('Unauthorized');
 }
 

html/ajax_list.php

@@ -13,12 +13,10 @@
  * the source code distribution for details.
  */
 
-use LibreNMS\Authentication\LegacyAuth;
-
 $init_modules = array('web', 'auth');
 require realpath(__DIR__ . '/..') . '/includes/init.php';
 
-if (!LegacyAuth::check()) {
+if (!Auth::check()) {
     die('Unauthorized');
 }
 

html/ajax_listports.php

@@ -10,12 +10,10 @@
  * @copyright  (C) 2006 - 2012 Adam Armstrong
  */
 
-use LibreNMS\Authentication\LegacyAuth;
-
 $init_modules = array('web', 'auth');
 require realpath(__DIR__ . '/..') . '/includes/init.php';
 
-if (!LegacyAuth::check()) {
+if (!Auth::check()) {
     die('Unauthorized');
 }
 

html/ajax_ossuggest.php

@@ -15,12 +15,10 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-use LibreNMS\Authentication\LegacyAuth;
-
 $init_modules = array('web', 'auth');
 require realpath(__DIR__ . '/..') . '/includes/init.php';
 
-if (!LegacyAuth::check()) {
+if (!Auth::check()) {
     die('Unauthorized');
 }
 

html/ajax_output.php

@@ -12,8 +12,6 @@
  * the source code distribution for details.
  */
 
-use LibreNMS\Authentication\LegacyAuth;
-
 session_start();
 if (isset($_SESSION['stage']) && $_SESSION['stage'] == 2) {
     $init_modules = array('web', 'nodb');
@@ -22,7 +20,7 @@
     $init_modules = array('web', 'auth', 'alerts');
     require realpath(__DIR__ . '/..') . '/includes/init.php';
 
-    if (!LegacyAuth::check()) {
+    if (!Auth::check()) {
         die('Unauthorized');
     }
 }