From 2328f89dfc2c6627e4ecb9bb3cc30184383b6907 Mon Sep 17 00:00:00 2001
From: Michael Collins <15347726+michaeljcollinsuk@users.noreply.github.com>
Date: Fri, 10 Jan 2025 10:20:12 +0000
Subject: [PATCH] Improve justice email validation
---
 controlpanel/oidc.py | 3 ++-
 controlpanel/settings/common.py | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/controlpanel/oidc.py b/controlpanel/oidc.py
index 18d86ef5..beacb683 100644
--- a/controlpanel/oidc.py
+++ b/controlpanel/oidc.py
@@ -34,7 +34,8 @@ def create_user(self, claims):
 "email": claims.get(settings.OIDC_FIELD_EMAIL),
 "name": self.normalise_name(claims.get(settings.OIDC_FIELD_NAME)),
 }
- if user_details["email"].endswith("justice.gov.uk"):
+ email_domain = user_details["email"].split("@")[-1]
+ if email_domain in settings.JUSTICE_EMAIL_DOMAINS:
 user_details["justice_email"] = user_details["email"]
 return User.objects.create(**user_details)
diff --git a/controlpanel/settings/common.py b/controlpanel/settings/common.py
index 837649ea..a4677c01 100644
--- a/controlpanel/settings/common.py
+++ b/controlpanel/settings/common.py
@@ -198,6 +198,8 @@ OIDC_FIELD_USERNAME = "nickname"
 OIDC_STORE_ID_TOKEN = True
+JUSTICE_EMAIL_DOMAINS = ["justice.gov.uk", "cica.justice.gov.uk"]
+
 # Auth0
 AUTH0 = {
 "client_id": OIDC_RP_CLIENT_ID,
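Review bot: In `create_user` (controlpanel/oidc.py) the new domain check still calls a string method on `user_details["email"]` unguarded and compares case-sensitively, so a missing email claim raises AttributeError and an address like `User@Justice.GOV.UK` is not recognised as a justice address. A claim value with no `@` is also compared whole against the allowlist, because `split("@")[-1]` returns the entire string. Suggest `_, at, domain = (user_details["email"] or "").rpartition("@")` followed by `if at and domain.lower() in settings.JUSTICE_EMAIL_DOMAINS:`. Because `justice_email` is taken from an identity-provider claim, it is worth confirming (not visible in this patch) that the provider only releases verified addresses. The function begins outside the hunk.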
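Review bot: `JUSTICE_EMAIL_DOMAINS` in controlpanel/settings/common.py has no comment stating that entries are matched exactly, which is the security-relevant property of this allowlist. A new justice subdomain is not recognised until it is listed, and the comparison in `create_user` is case-sensitive, so entries should stay lowercase. Suggest a comment above it such as `# Exact-match allowlist of email domains treated as justice addresses; subdomains must be listed explicitly.` Declaring it as a tuple or frozenset would also keep the setting from being mutated at runtime.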