feature/parametrize-allowed-email-addresses (#1370)

django_app/redbox_app/redbox_core/views/signup_views.py

@@ -49,9 +49,9 @@ def post(self, request: HttpRequest) -> HttpResponse:
 
         # Only allow .gov.uk email accounts
         email = request.POST.get("email")
-        allowed_emails = ".gov.uk", "@covid19.public-inquiry.uk"
+        allowed_emails = settings.ALLOWED_EMAIL_DOMAINS
         if not any(email.endswith(allowed_email) for allowed_email in allowed_emails):
-            form.add_error("email", "The email must be a valid gov.uk email account")
+            form.add_error("email", "The email must be a valid email account")
 
         if form.is_valid():
             request.session["sign_up_data"] = form.cleaned_data

django_app/redbox_app/settings.py

@@ -393,3 +393,5 @@ def filter_transactions(event):
 MESSAGE_THROTTLE_SECONDS_MIN = env.int("MESSAGE_THROTTLE_SECONDS_MIN", 1)
 MESSAGE_THROTTLE_SECONDS_MAX = env.int("MESSAGE_THROTTLE_SECONDS_MAX", 10)
 MESSAGE_THROTTLE_RATE = env.float("MESSAGE_THROTTLE_RATE", 0.1)
+
+ALLOWED_EMAIL_DOMAINS = [domain.strip() for domain in env.str("ALLOWED_EMAIL_DOMAINS", ".gov.uk").split(",")]

infrastructure/aws/data.tf

@@ -37,6 +37,8 @@ locals {
     "MESSAGE_THROTTLE_SECONDS_MAX": var.message_throttle_seconds_max,
     "MESSAGE_THROTTLE_SECONDS_MIN": var.message_throttle_seconds_min,
     "MESSAGE_THROTTLE_RATE": var.message_throttle_rate,
+
+    "ALLOWED_EMAIL_DOMAINS": var.allowed_email_domains,
   }
 
   django_app_secrets = {

infrastructure/aws/variables.tf

@@ -236,3 +236,9 @@ variable "message_throttle_rate" {
   default     = 0.1
   description = "message throttling rate"
 }
+
+variable "allowed_email_domains" {
+  type        = string
+  default     = ".gov.uk"
+  description = "comma separated list of email domains"
+}