Revert "Hopefully patch exploit that allows anyone to log users out"

This reverts commit b0a3555afe.

router/user_handler.go

@@ -12,9 +12,9 @@ import (
 	"github.com/NyaaPantsu/nyaa/service/user/form"
 	"github.com/NyaaPantsu/nyaa/service/user/permission"
 	"github.com/NyaaPantsu/nyaa/util/crypto"
+	"github.com/NyaaPantsu/nyaa/util/publicSettings"
 	msg "github.com/NyaaPantsu/nyaa/util/messages"
 	"github.com/NyaaPantsu/nyaa/util/modelHelper"
-	"github.com/NyaaPantsu/nyaa/util/publicSettings"
 	"github.com/gorilla/mux"
 )
 
@@ -293,17 +293,9 @@ func UserLoginPostHandler(w http.ResponseWriter, r *http.Request) {
 // UserLogoutHandler : Controller to logout users
 func UserLogoutHandler(w http.ResponseWriter, r *http.Request) {
 	defer r.Body.Close()
-	vars := mux.Vars(r)
-	id := vars["id"]
-	currentUser := getUser(r)
-	messages := msg.GetMessages(r)
-	userProfile, _, errorUser := userService.RetrieveUserForAdmin(id)
-	if userPermission.CurrentOrAdmin(currentUser, userProfile.ID) {
-		_, _ = userService.ClearCookie(w)
-		url, _ := Router.Get("home").URL()
-		http.Redirect(w, r, url.String(), http.StatusSeeOther)
-	}
-	messages.ImportFromError("errors", errorUser)
+	_, _ = userService.ClearCookie(w)
+	url, _ := Router.Get("home").URL()
+	http.Redirect(w, r, url.String(), http.StatusSeeOther)
 }
 
 // UserFollowHandler : Controller to follow/unfollow users, need user id to follow