AAI-386: Restrict user registration to a restricted list of domains [SBP]

[minh-biocommons]

Description

AAI-386: Restrict user registration to a restricted list of domains [SBP]

Changes

• Added email domain validation for sbp register route
• Added sbp allowed list to settings
• Added/updated relevant tests

Checklist

• I have commented my code, particularly in hard-to-understand areas
• I have added unit / integration tests that prove my fix is effective or that my feature works
• I have run all tests locally and they pass
• I have updated the documentation (if applicable)

[Copilot]

Pull Request Overview

Implements email domain validation for SBP user registration to restrict registration to approved institutional domains.

• Added domain validation logic to check email addresses against an allowed list
• Added configuration for approved institutional domains (UNSW, BioCommons, USyd, WEHI, Monash, Griffith, UoM)
• Updated tests to use approved domains and validate the new restriction functionality

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
config.py	Adds list of approved email domains for SBP registration
routers/sbp_register.py	Implements email domain validation with rejection logic
tests/test_sbp_register.py	Updates test data and adds validation tests

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[marius-mather]

A few minor comments, but please use an existing email parser like email-validator to extract the domain - email addresses can have all kinds of weirdness, better to use a library that already handles all of it.

[Copilot]

Pull Request Overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[marius-mather]

Looks good, thanks