Fix #5212: Allow larger IPv6 bans

app/models/ip_ban.rb

@@ -69,8 +69,8 @@ class IpBan < ApplicationRecord
       errors.add(:ip_addr, "may not have a subnet bigger than /24")
     elsif partial_ban? && ip_addr.ipv4? && ip_addr.prefix < 8
       errors.add(:ip_addr, "may not have a subnet bigger than /8")
-    elsif full_ban? && ip_addr.ipv6? && ip_addr.prefix < 64
+    elsif full_ban? && ip_addr.ipv6? && ip_addr.prefix < 48
-      errors.add(:ip_addr, "may not have a subnet bigger than /64")
+      errors.add(:ip_addr, "may not have a subnet bigger than /48")
     elsif partial_ban? && ip_addr.ipv6? && ip_addr.prefix < 20
       errors.add(:ip_addr, "may not have a subnet bigger than /20")
     elsif new_record? && IpBan.active.where(category: category).ip_matches(subnetted_ip).exists?

test/unit/ip_ban_test.rb

@@ -31,6 +31,7 @@ class IpBanTest < ActiveSupport::TestCase
     should allow_value("1.2.3.4/24").for(:ip_addr)
     should allow_value("ABCD::1234").for(:ip_addr)
     should allow_value("ABCD::1234/64").for(:ip_addr)
+    should allow_value("ABCD::1234/48").for(:ip_addr)
 
     should_not allow_value("").for(:ip_addr)
     should_not allow_value("foo").for(:ip_addr)
@@ -39,5 +40,6 @@ class IpBanTest < ActiveSupport::TestCase
     should_not allow_value("127.0.0.1").for(:ip_addr)
     should_not allow_value("1.2.3.4/16").for(:ip_addr)
     should_not allow_value("ABCD::1234/32").for(:ip_addr)
+    should_not allow_value("ABCD::1234/47").for(:ip_addr)
   end
 end