Check user is logged-in before changing the email address (#4321)

assets/locales/en.po

@@ -779,9 +779,7 @@ msgid "Mail Update Email Intro 1"
 msgstr "Hello %s,"
 
 msgid "Mail Update Email Intro 2"
-msgstr ""
-"You asked to change your email address. "
-"If you didn't initiate this request, please contact us by replying directly to this email."
+msgstr "You asked to change the email address of your Cozy."
 
 msgid "Mail Update Email Button instruction"
 msgstr "Click on the following button to confirm the new address."

assets/locales/fr.po

@@ -857,9 +857,7 @@ msgid "Mail Update Email Intro 1"
 msgstr "Bonjour %s,"
 
 msgid "Mail Update Email Intro 2"
-msgstr ""
-"Vous avez demandé à changer votre adresse email. Si ce n'est pas le cas, "
-"contactez-nous en réponse à cet email."
+msgstr "Vous avez demandé à changer l'adresse email de votre Cozy."
 
 msgid "Mail Update Email Button instruction"
 msgstr "Cliquez sur le bouton suivant pour valider votre changement d'adresse email."

assets/mails/update_email.mjml

@@ -5,6 +5,8 @@
 </mj-text>
 <mj-text mj-class="content-medium">
 	{{t "Mail Update Email Intro 1" .PublicName}}<br />
+</mj-text>
+<mj-text mj-class="content-medium">
 	{{t "Mail Update Email Intro 2"}}
 </mj-text>
 <mj-text mj-class="content-medium">

web/settings/settings.go

@@ -7,6 +7,7 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"net/url"
 	"strings"
 
 	"github.com/cozy/cozy-stack/model/feature"
@@ -167,9 +168,15 @@ func (h *HTTPHandler) deleteEmail(c echo.Context) error {
 }
 
 func (h *HTTPHandler) getEmailConfirmation(c echo.Context) error {
-	tok := c.QueryParam("token")
 	inst := middlewares.GetInstance(c)
+	if !middlewares.IsLoggedIn(c) {
+		u := inst.PageURL("/auth/login", url.Values{
+			"redirect": {inst.FromURL(c.Request().URL)},
+		})
+		return c.Redirect(http.StatusSeeOther, u)
+	}
 
+	tok := c.QueryParam("token")
 	settingsURL := inst.SubDomain("settings").String()
 
 	err := h.svc.ConfirmEmailUpdate(inst, tok)