The user can subscribe with the same email account #358

Closed
obotisan opened this issue Sep 6, 2018 · 2 comments
@obotisan obotisan commented Sep 6, 2018

[Affected versions]:

  • Firefox 62.0
  • Firefox 64.0a1

[Affected Platforms]:

  • Windows 10 x64
  • macOS 10.13
  • Ubuntu 16.04 x64

[Steps to reproduce]:

  1. Navigate to https://fx-breach-alerts.herokuapp.com/
  2. Click on the Subscribe button.
  3. Write a valid email address and confirm the subscription.
  4. Repeat steps 1 and 2.
  5. Write the same email as in step 3.

[Expected result]:

  • An error that the email is already subscribed to Firefox Monitor should be displayed.

[Actual result]:

  • The user can subscribe with the same email over and over again.

[Regression]:

  • I don't think this is a regression.

[Notes]:

  • Considering the fact that these emails are already being monitored, there should be a way to notify people that their email is already subscribed to this service.

@groovecoder groovecoder (Member) commented Sep 6, 2018

Need a UX decision here ...

To help prevent user enumeration attacks, we may not necessarily want to show that the email is already subscribed to Firefox Monitor.

@jsavory - is it okay to leave this behavior as-is?

We have code to prevent sending duplicate notifications to duplicate subscribers. We could add code to delete duplicate subscriber records periodically too, but that will just be data cleanup - no effect on the user receiving alerts.

We should at least add code to delete all duplicate subscriber records when a user clicks an Unsubscribe link.
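
The three behaviours discussed in the comment above (a subscribe response that does not reveal whether an address is already subscribed, one notification per address despite duplicate rows, and unsubscribe removing every duplicate), sketched as an added example that is not part of the original thread or the project's code. The in-memory store, all function names, the response text, and the case-insensitive email normalization are assumptions.

```javascript
// Constructed in-memory subscriber table; rows may contain duplicates,
// as in the issue. All names here are hypothetical.
function createStore() {
  return { rows: [], nextId: 1 };
}

// Assumption: addresses differing only by case or surrounding whitespace
// are the same subscriber.
function normalizeEmail(email) {
  return String(email).trim().toLowerCase();
}

// One response for every subscribe request, so the endpoint cannot be
// used to test whether an address is already in the table.
const SUBSCRIBE_RESPONSE = Object.freeze({
  status: 200,
  message: "Check your inbox to finish subscribing.",
});

function subscribe(store, email) {
  const key = normalizeEmail(email);
  // Idempotent: insert only when no row exists, but never report which branch ran.
  if (!store.rows.some((r) => normalizeEmail(r.email) === key)) {
    store.rows.push({ id: store.nextId++, email: key });
  }
  return SUBSCRIBE_RESPONSE;
}

// One alert per distinct address, even if older duplicate rows remain.
function notificationRecipients(store) {
  return [...new Set(store.rows.map((r) => normalizeEmail(r.email)))];
}

// Unsubscribe removes every row for the address, not just the first match.
function unsubscribe(store, email) {
  const key = normalizeEmail(email);
  const before = store.rows.length;
  store.rows = store.rows.filter((r) => normalizeEmail(r.email) !== key);
  return before - store.rows.length; // internal count, not shown to the user
}
```

The identical response body only helps if response timing and the email that gets sent do not differ between new and existing subscribers either.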

@lesleyjanenorton lesleyjanenorton (Member) commented Feb 11, 2019

Closing since this will no longer be possible post-FxA integration.
