SECURITY: Only allow users to resend activation email with a valid session.

* Improve error when an active user tries to request for an activation email.

app/assets/javascripts/discourse/controllers/not-activated.js.es6

@@ -1,4 +1,5 @@
 import { ajax } from 'discourse/lib/ajax';
+import { popupAjaxError } from 'discourse/lib/ajax-error';
 import ModalFunctionality from 'discourse/mixins/modal-functionality';
 
 export default Ember.Controller.extend(ModalFunctionality, {
@@ -9,9 +10,13 @@ export default Ember.Controller.extend(ModalFunctionality, {
   },
 
   actions: {
-    sendActivationEmail: function() {
-      ajax('/users/action/send_activation_email', {data: {username: this.get('username')}, type: 'POST'});
-      this.set('emailSent', true);
+    sendActivationEmail() {
+      ajax('/users/action/send_activation_email', {
+        data: { username: this.get('username') },
+        type: 'POST'
+      }).then(() => {
+        this.set('emailSent', true);
+      }).catch(popupAjaxError);
     }
   }