Require authentication on EPP logout

#700

app/controllers/epp/sessions_controller.rb

@@ -124,6 +124,15 @@ class Epp::SessionsController < EppController
   end
 
   def logout
+    unless signed_in?
+      epp_errors << {
+        code: 2201,
+        msg: 'Authorization error'
+      }
+      handle_errors
+      return
+    end
+
     @api_user = current_user # cache current_user for logging
     epp_session.destroy
     response.headers['X-EPP-Returncode'] = '1500'

app/controllers/epp_controller.rb

@@ -397,4 +397,14 @@ class EppController < ApplicationController
     name = self.class.to_s.sub("Epp::","").sub("Controller","").underscore.singularize
     instance_variable_get("@#{name}")
   end
+
+  private
+
+  def signed_in?
+    epp_session
+  end
+
+  def epp_session_id
+    cookies[:session]
+  end
 end