Introduce AuthenticationHook#onAuthFromSession() (#5467)

Especially useful for code not for ApplicationStateHook due to the fact
that a user can block requests to /application-state.

library/Icinga/Application/Hook/AuthenticationHook.php

@@ -5,6 +5,7 @@ namespace Icinga\Application\Hook;
 use Icinga\User;
 use Icinga\Web\Hook;
 use Icinga\Application\Logger;
+use Throwable;
 
 /**
  * Icinga Web Authentication Hook base class
@@ -28,6 +29,15 @@ abstract class AuthenticationHook
     {
     }
 
+    /**
+     * Triggered after Icinga Web authenticates a user with the current session
+     *
+     * @param User $user
+     */
+    public function onAuthFromSession(User $user): void
+    {
+    }
+
     /**
      * Triggered before logout from Icinga Web
      *
@@ -37,6 +47,24 @@ abstract class AuthenticationHook
     {
     }
 
+    /**
+     * Call the onAuthFromSession() method of all registered {@link AuthenticationHook}s
+     *
+     * @param User $user
+     */
+    public static function triggerAuthFromSession(User $user): void
+    {
+        /** @var static $hook */
+        foreach (Hook::all(self::NAME) as $hook) {
+            try {
+                $hook->onAuthFromSession($user);
+            } catch (Throwable $e) {
+                // Avoid error propagation if a hook failed in a third party application
+                Logger::error($e);
+            }
+        }
+    }
+
     /**
      * Call the onLogin() method of all registered AuthHook(s)
      *

library/Icinga/Authentication/Auth.php

@@ -230,6 +230,10 @@ class Auth
                 $this->removeAuthorization();
             }
         }
+
+        if ($this->user !== null) {
+            AuthenticationHook::triggerAuthFromSession($this->user);
+        }
     }
 
     /**