fix(email): throw when authenticated user has no email or wrong email

The previous condition only checked for a mismatch when the user had a
non-empty email address. Users without an email (e.g. the admin) would
silently pass through, letting the page load with nodeId: 0 and
showing the generic "Document not found" error.

Invert the guard: allow only when email matches, otherwise throw with
a clear message asking the user to log out.
Also improves the error message from the generic "Invalid user" to
"This document is not yours. Log out and use the sign link again."

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Author: vitormattos

lib/Service/IdentifyMethod/Email.php

@@ -130,15 +130,16 @@ private function throwIfIsAuthenticatedWithDifferentAccount(): void {
 			return;
 		}
 		$email = $this->entity->getIdentifierValue();
-		if (!empty($user->getEMailAddress()) && $user->getEMailAddress() !== $email) {
-			if ($this->getEntity()->getCode() && !$this->getEntity()->getIdentifiedAtDate()) {
-				return;
-			}
-			throw new LibresignException(json_encode([
-				'action' => JSActions::ACTION_DO_NOTHING,
-				'errors' => [['message' => $this->identifyService->getL10n()->t('Invalid user')]],
-			]));
+		if (!empty($user->getEMailAddress()) && $user->getEMailAddress() === $email) {
+			return;
 		}
+		if ($this->getEntity()->getCode() && !$this->getEntity()->getIdentifiedAtDate()) {
+			return;
+		}
+		throw new LibresignException(json_encode([
+			'action' => JSActions::ACTION_DO_NOTHING,
+			'errors' => [['message' => $this->identifyService->getL10n()->t('This document is not yours. Log out and use the sign link again.')]],
+		]));
 	}
 
 	private function throwIfAccountAlreadyExists(): void {