Protected against missing member for id token

no-issue

If a cookie still exists after a member has been deleted we can have
some strange requests, this just ensures that we check for existence.

ghost/members-api/index.js

@@ -102,6 +102,9 @@ module.exports = function MembersApi({
     }
     async function getMemberIdentityToken(email){
         const member = await getMemberIdentityData(email);
+        if (!member) {
+            return null;
+        }
         return encodeIdentityToken({sub: member.email});
     }