Merge pull request #404 from alphagov/prevent-disposable-email-addresses

Prevent the use of disposable email addresses for signing

app/models/staged/base/creator_signature.rb

@@ -7,10 +7,10 @@ class CreatorSignature
       def initialize(petition)
         @petition = petition
       end
-      delegate :id, :to_param, :model_name, :to_key,
-               :name, :email, :uk_citizenship,
-               :postcode, :country, :constituency,
-               to: :creator_signature
+
+      delegate :id, :to_param, :model_name, :to_key, :name,
+               :email, :email?, :uk_citizenship, :postcode,
+               :country, :constituency, to: :creator_signature
 
       def validation_context
         :create

app/models/staged/base/signature.rb

@@ -6,9 +6,9 @@ class Signature
 
       attr_reader :signature
 
-      delegate :id, :to_param, :model_name, :to_key, :new_record?, :name,
-               :email, :uk_citizenship, :postcode, :country, :petition_id,
-               to: :signature
+      delegate :id, :to_param, :model_name, :to_key, :new_record?,
+               :name, :email, :email?, :uk_citizenship, :postcode,
+               :country, :petition_id, to: :signature
 
       def initialize(signature)
         @signature = signature

app/models/staged/validations/email.rb

@@ -5,6 +5,30 @@ module Email
 
       included do
         validates :email, presence: true, format: { with: EMAIL_REGEX, allow_blank: true }
+
+        validate do
+          errors.add :email, :disposable if disposable_domain?
+        end
+      end
+
+      private
+
+      def disposable_domain?
+        return false unless email?
+
+        begin
+          disposable_domains.include?(parsed_email.domain)
+        rescue Mail::Field::ParseError
+          false
+        end
+      end
+
+      def parsed_email
+        Mail::Address.new(email)
+      end
+
+      def disposable_domains
+        Rails.application.config.x.disposable_domains
       end
     end
   end