prevent invalid bans

lib/philomena/bans/fingerprint.ex

@@ -34,5 +34,6 @@ defmodule Philomena.Bans.Fingerprint do
     |> Time.assign_time(:until, :valid_until)
     |> BanId.put_ban_id("F")
     |> validate_required([:reason, :enabled, :fingerprint, :valid_until])
+    |> check_constraint(:valid_until, name: :fingerprint_ban_duration_must_be_valid)
   end
 end

lib/philomena/bans/subnet.ex

@@ -34,6 +34,7 @@ defmodule Philomena.Bans.Subnet do
     |> Time.assign_time(:until, :valid_until)
     |> BanId.put_ban_id("S")
     |> validate_required([:reason, :enabled, :specification, :valid_until])
+    |> check_constraint(:valid_until, name: :subnet_ban_duration_must_be_valid)
     |> mask_specification()
   end
 

lib/philomena/bans/user.ex

@@ -39,6 +39,7 @@ defmodule Philomena.Bans.User do
     |> populate_user_id()
     |> BanId.put_ban_id("U")
     |> validate_required([:reason, :enabled, :user_id, :valid_until])
+    |> check_constraint(:valid_until, name: :user_ban_duration_must_be_valid)
   end
 
   defp populate_username(changeset) do

lib/philomena_web/controllers/admin/user_ban_controller.ex

@@ -54,6 +54,9 @@ defmodule PhilomenaWeb.Admin.UserBanController do
 
       {:error, :user_ban, changeset, _changes} ->
         render(conn, "new.html", changeset: changeset)
+
+      {:error, changeset} ->
+        render(conn, "new.html", changeset: changeset)
     end
   end
 

priv/repo/migrations/20210121200815_add_ban_duration_constraints.exs

@@ -0,0 +1,9 @@
+defmodule Philomena.Repo.Migrations.AddBanDurationConstraints do
+  use Ecto.Migration
+
+  def change do
+    create constraint("user_bans", "user_ban_duration_must_be_valid", check: "valid_until < '4000-01-01'")
+    create constraint("subnet_bans", "subnet_ban_duration_must_be_valid", check: "valid_until < '4000-01-01'")
+    create constraint("fingerprint_bans", "fingerprint_ban_duration_must_be_valid", check: "valid_until < '4000-01-01'")
+  end
+end

priv/repo/structure.sql

@@ -2,7 +2,7 @@
 -- PostgreSQL database dump
 --
 
--- Dumped from database version 13.0 (Debian 13.0-1.pgdg100+1)
+-- Dumped from database version 13.1 (Debian 13.1-1.pgdg100+1)
 -- Dumped by pg_dump version 13.1 (Debian 13.1-1.pgdg100+1)
 
 SET statement_timeout = 0;
@@ -576,7 +576,8 @@ CREATE TABLE public.fingerprint_bans (
     created_at timestamp without time zone NOT NULL,
     updated_at timestamp without time zone NOT NULL,
     banning_user_id integer NOT NULL,
-    generated_ban_id character varying NOT NULL
+    generated_ban_id character varying NOT NULL,
+    CONSTRAINT fingerprint_ban_duration_must_be_valid CHECK ((valid_until < '4000-01-01 00:00:00'::timestamp without time zone))
 );
 
 
@@ -1455,7 +1456,8 @@ CREATE TABLE public.subnet_bans (
     updated_at timestamp without time zone NOT NULL,
     banning_user_id integer NOT NULL,
     specification inet,
-    generated_ban_id character varying NOT NULL
+    generated_ban_id character varying NOT NULL,
+    CONSTRAINT subnet_ban_duration_must_be_valid CHECK ((valid_until < '4000-01-01 00:00:00'::timestamp without time zone))
 );
 
 
@@ -1673,7 +1675,8 @@ CREATE TABLE public.user_bans (
     user_id integer NOT NULL,
     banning_user_id integer NOT NULL,
     generated_ban_id character varying NOT NULL,
-    override_ip_ban boolean DEFAULT false NOT NULL
+    override_ip_ban boolean DEFAULT false NOT NULL,
+    CONSTRAINT user_ban_duration_must_be_valid CHECK ((valid_until < '4000-01-01 00:00:00'::timestamp without time zone))
 );
 
 
@@ -4798,3 +4801,4 @@ INSERT INTO public."schema_migrations" (version) VALUES (20200725234412);
 INSERT INTO public."schema_migrations" (version) VALUES (20200817213256);
 INSERT INTO public."schema_migrations" (version) VALUES (20200905214139);
 INSERT INTO public."schema_migrations" (version) VALUES (20201124224116);
+INSERT INTO public."schema_migrations" (version) VALUES (20210121200815);