From 30fe6ab1219a4f0b3e83b098d962159835b0b102 Mon Sep 17 00:00:00 2001
From: Kevin McConnell <kevin@37signals.com>
Date: Wed, 26 Nov 2025 09:43:11 +0000
Subject: [PATCH 1/2] Add IP-based user banning

This adds the ability to ban a user by their IP address.

When an admin is viewing a user profile, a new "Ban user" button is
present. Clicking on that will:

- Create a ban on the IP addresses that were tracked for that user's
  sessions
- Remove all the messages authored by that user
- Log the user out immediately

In addition, that user will no longer be shown in most user lists in the
app. They are still shown to admins, in account settings. Viewing their
profile from there will now show a "Remove ban" button which can be used
to restore their access (it doesn't restore their messages though --
those are already gone -- it just removes the blocks so they can log in
again).
---
 app/controllers/accounts_controller.rb        | 10 ++-
 app/controllers/application_controller.rb     |  2 +-
 .../concerns/block_banned_requests.rb         | 16 ++++
 app/controllers/messages_controller.rb        |  2 +-
 app/controllers/users/bans_controller.rb      | 19 +++++
 app/jobs/remove_banned_content_job.rb         |  5 ++
 app/models/ban.rb                             | 20 +++++
 app/models/message/broadcasts.rb              |  4 +
 app/models/user.rb                            | 11 +--
 app/models/user/bannable.rb                   | 42 +++++++++
 app/views/accounts/users/_user.html.erb       |  4 +-
 app/views/users/_ban_button.html.erb          | 13 +++
 app/views/users/show.html.erb                 | 26 ++++--
 config/routes.rb                              |  1 +
 db/migrate/20251126092013_create_bans.rb      | 11 +++
 ...115722_change_active_to_status_on_users.rb | 13 +++
 db/structure.sql                              | 14 ++-
 .../concerns/block_banned_requests_test.rb    | 32 +++++++
 .../controllers/users/bans_controller_test.rb | 85 +++++++++++++++++++
 19 files changed, 306 insertions(+), 24 deletions(-)
 create mode 100644 app/controllers/concerns/block_banned_requests.rb
 create mode 100644 app/controllers/users/bans_controller.rb
 create mode 100644 app/jobs/remove_banned_content_job.rb
 create mode 100644 app/models/ban.rb
 create mode 100644 app/models/user/bannable.rb
 create mode 100644 app/views/users/_ban_button.html.erb
 create mode 100644 db/migrate/20251126092013_create_bans.rb
 create mode 100644 db/migrate/20251126115722_change_active_to_status_on_users.rb
 create mode 100644 test/controllers/concerns/block_banned_requests_test.rb
 create mode 100644 test/controllers/users/bans_controller_test.rb

diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 0691d88..be05d66 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -3,7 +3,7 @@ class AccountsController < ApplicationController
   before_action :set_account
 
   def edit
-    set_page_and_extract_portion_from User.active.ordered, per_page: 500
+    set_page_and_extract_portion_from account_users.ordered, per_page: 500
   end
 
   def update
@@ -19,4 +19,12 @@ class AccountsController < ApplicationController
     def account_params
       params.require(:account).permit(:name, :logo)
     end
+
+    def account_users
+      if Current.user.can_administer?
+        User.where(status: [ :active, :banned ])
+      else
+        User.active
+      end
+    end
 end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 6463f2d..5e60f1e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,4 +1,4 @@
 class ApplicationController < ActionController::Base
-  include AllowBrowser, Authentication, Authorization, SetCurrentRequest, SetPlatform, TrackedRoomVisit, VersionHeaders
+  include AllowBrowser, Authentication, Authorization, BlockBannedRequests, SetCurrentRequest, SetPlatform, TrackedRoomVisit, VersionHeaders
   include Turbo::Streams::Broadcasts, Turbo::Streams::StreamName
 end
diff --git a/app/controllers/concerns/block_banned_requests.rb b/app/controllers/concerns/block_banned_requests.rb
new file mode 100644
index 0000000..6485c5a
--- /dev/null
+++ b/app/controllers/concerns/block_banned_requests.rb
@@ -0,0 +1,16 @@
+module BlockBannedRequests
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :reject_banned_ip, unless: :safe_request?
+  end
+
+  private
+    def reject_banned_ip
+      head :too_many_requests if Ban.banned?(request.remote_ip)
+    end
+
+    def safe_request?
+      request.get? || request.head?
+    end
+end
diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb
index d93a9c6..959b652 100644
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -42,7 +42,7 @@ class MessagesController < ApplicationController
 
   def destroy
     @message.destroy
-    @message.broadcast_remove_to @room, :messages
+    @message.broadcast_remove
   end
 
   private
diff --git a/app/controllers/users/bans_controller.rb b/app/controllers/users/bans_controller.rb
new file mode 100644
index 0000000..5360f15
--- /dev/null
+++ b/app/controllers/users/bans_controller.rb
@@ -0,0 +1,19 @@
+class Users::BansController < ApplicationController
+  before_action :ensure_can_administer
+  before_action :set_user
+
+  def create
+    @user.ban
+    redirect_to @user
+  end
+
+  def destroy
+    @user.unban
+    redirect_to @user
+  end
+
+  private
+    def set_user
+      @user = User.find(params[:user_id])
+    end
+end
diff --git a/app/jobs/remove_banned_content_job.rb b/app/jobs/remove_banned_content_job.rb
new file mode 100644
index 0000000..9fbc093
--- /dev/null
+++ b/app/jobs/remove_banned_content_job.rb
@@ -0,0 +1,5 @@
+class RemoveBannedContentJob < ApplicationJob
+  def perform(user)
+    user.remove_banned_content
+  end
+end
diff --git a/app/models/ban.rb b/app/models/ban.rb
new file mode 100644
index 0000000..be5a936
--- /dev/null
+++ b/app/models/ban.rb
@@ -0,0 +1,20 @@
+class Ban < ApplicationRecord
+  belongs_to :user
+
+  validate :ip_address_is_public
+
+  def self.banned?(ip_address)
+    exists?(ip_address: ip_address)
+  end
+
+  private
+    def ip_address_is_public
+      ip = IPAddr.new(ip_address)
+
+      if ip.loopback? || ip.private? || ip.link_local?
+        errors.add(:ip_address, "cannot be a private or internal IP address")
+      end
+    rescue IPAddr::InvalidAddressError
+      errors.add(:ip_address, "is not a valid IP address")
+    end
+end
diff --git a/app/models/message/broadcasts.rb b/app/models/message/broadcasts.rb
index 78ed381..1f909dc 100644
--- a/app/models/message/broadcasts.rb
+++ b/app/models/message/broadcasts.rb
@@ -3,4 +3,8 @@ module Message::Broadcasts
     broadcast_append_to room, :messages, target: [ room, :messages ]
     ActionCable.server.broadcast("unread_rooms", { roomId: room.id })
   end
+
+  def broadcast_remove
+    broadcast_remove_to room, :messages
+  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index de5ba4c..20d05dd 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,5 +1,5 @@
 class User < ApplicationRecord
-  include Avatar, Bot, Mentionable, Role, Transferable
+  include Avatar, Bannable, Bot, Mentionable, Role, Transferable
 
   has_many :memberships, dependent: :delete_all
   has_many :rooms, through: :memberships
@@ -13,8 +13,9 @@ class User < ApplicationRecord
   has_many :searches, dependent: :delete_all
 
   has_many :sessions, dependent: :destroy
+  has_many :bans, dependent: :destroy
 
-  scope :active, -> { where(active: true) }
+  enum :status, %i[ active deactivated banned ], default: :active
 
   has_secure_password validations: false
 
@@ -40,14 +41,10 @@ class User < ApplicationRecord
       searches.delete_all
       sessions.delete_all
 
-      update! active: false, email_address: deactived_email_address
+      update! status: :deactivated, email_address: deactived_email_address
     end
   end
 
-  def deactivated?
-    !active?
-  end
-
   def reset_remote_connections
     close_remote_connections reconnect: true
   end
diff --git a/app/models/user/bannable.rb b/app/models/user/bannable.rb
new file mode 100644
index 0000000..9d714ab
--- /dev/null
+++ b/app/models/user/bannable.rb
@@ -0,0 +1,42 @@
+module User::Bannable
+  extend ActiveSupport::Concern
+
+  def ban
+    transaction do
+      create_bans_from_sessions
+      apply_ban
+      banned!
+    end
+  end
+
+  def unban
+    transaction do
+      bans.delete_all
+      active!
+    end
+  end
+
+  def remove_banned_content_later
+    RemoveBannedContentJob.perform_later(self)
+  end
+
+  def remove_banned_content
+    messages.each do |message|
+      message.destroy
+      message.broadcast_remove
+    end
+  end
+
+  private
+    def create_bans_from_sessions
+      sessions.pluck(:ip_address).compact_blank.uniq.each do |ip|
+        bans.create!(ip_address: ip)
+      end
+    end
+
+    def apply_ban
+      close_remote_connections
+      sessions.delete_all
+      remove_banned_content_later
+    end
+end
diff --git a/app/views/accounts/users/_user.html.erb b/app/views/accounts/users/_user.html.erb
index 21ebb0a..4f5f952 100644
--- a/app/views/accounts/users/_user.html.erb
+++ b/app/views/accounts/users/_user.html.erb
@@ -1,4 +1,4 @@
-<li class="flex align-center gap margin-none">
+<li class="flex align-center gap margin-none <%= "translucent" if user.banned? %>">
   <figure class="avatar flex-item-no-shrink" style="--avatar-size: 3.75ch;">
     <%= avatar_tag user, loading: :lazy %>
   </figure>
@@ -9,7 +9,7 @@
 
   <hr class="separator" aria-hidden="true">
 
-  <% if Current.user.can_administer? && user != Current.user %>
+  <% if Current.user.can_administer? && user != Current.user && user.active? %>
     <% unless user.bot? %>
       <%= form_with model: user, url: account_user_path(user), data: { controller: "form" }, method: :patch do | form | %>
         <label class="btn txt-small flex-item-no-shrink" for="<%= dom_id(user, :role) %>">
diff --git a/app/views/users/_ban_button.html.erb b/app/views/users/_ban_button.html.erb
new file mode 100644
index 0000000..398b738
--- /dev/null
+++ b/app/views/users/_ban_button.html.erb
@@ -0,0 +1,13 @@
+<% if user.active? %>
+  <%= button_to user_ban_path(user), method: :post,
+        class: "btn btn--negative full-width",
+        data: { turbo_confirm: "Are you sure you want to ban this user?" } do %>
+    Ban user
+  <% end %>
+<% else %>
+  <%= button_to user_ban_path(user), method: :delete,
+        class: "btn full-width",
+        data: { turbo_confirm: "Are you sure you want to remove the ban on this user?" } do %>
+    Remove ban
+  <% end %>
+<% end %>
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 6d10b29..94872e6 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -30,7 +30,7 @@
         <% end %>
       </div>
     <% else %>
-      <% if @user.active? %>
+      <% unless @user.deactivated? %>
         <div class="flex flex-column gap" style="--row-gap: calc(var(--block-space) / 3)">
           <h1 class="txt-x-large txt-tight-lines margin-none"><%= @user.name %></h1>
           <% if Current.user.can_administer? %>
@@ -39,16 +39,24 @@
           <div><%= @user.bio %></div>
         </div>
 
-        <div class="pad-inline-double margin-inline margin-block-start">
-          <%= button_to rooms_directs_path(user_ids: [ @user.id ]), class: "btn btn--reversed full-width txt-large" do %>
-            <%= image_tag "messages.svg", aria: { hidden: "true", label: "Ping #{@user.name}" } %>
+        <% if @user.active? %>
+          <div class="pad-inline-double margin-inline margin-block-start">
+            <%= button_to rooms_directs_path(user_ids: [ @user.id ]), class: "btn btn--reversed full-width txt-large" do %>
+              <%= image_tag "messages.svg", aria: { hidden: "true", label: "Ping #{@user.name}" } %>
+            <% end %>
+          </div>
+
+          <% if Current.user.can_administer? %>
+            <hr class="margin-block-start borderless">
+
+            <%= render "users/profiles/transfer", user: @user %>
           <% end %>
-        </div>
+        <% end %>
 
-        <% if Current.user.can_administer? %>
-          <hr class="margin-block-start borderless">
-
-          <%= render "users/profiles/transfer", user: @user %>
+        <% if Current.user.can_administer? && Current.user != @user %>
+          <div class="margin-block-start">
+            <%= render "users/ban_button", user: @user %>
+          </div>
         <% end %>
       <% else %>
         <div>
diff --git a/config/routes.rb b/config/routes.rb
index d02845d..e55fd7e 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -37,6 +37,7 @@ Rails.application.routes.draw do
   resources :users, only: :show do
     scope module: "users" do
       resource :avatar, only: %i[ show destroy ]
+      resource :ban, only: %i[ create destroy ]
 
       scope defaults: { user_id: "me" } do
         resource :sidebar, only: :show
diff --git a/db/migrate/20251126092013_create_bans.rb b/db/migrate/20251126092013_create_bans.rb
new file mode 100644
index 0000000..7b86019
--- /dev/null
+++ b/db/migrate/20251126092013_create_bans.rb
@@ -0,0 +1,11 @@
+class CreateBans < ActiveRecord::Migration[8.1]
+  def change
+    create_table :bans do |t|
+      t.references :user, null: false, foreign_key: true
+      t.string :ip_address, null: false
+      t.timestamps
+    end
+
+    add_index :bans, :ip_address
+  end
+end
diff --git a/db/migrate/20251126115722_change_active_to_status_on_users.rb b/db/migrate/20251126115722_change_active_to_status_on_users.rb
new file mode 100644
index 0000000..7e61456
--- /dev/null
+++ b/db/migrate/20251126115722_change_active_to_status_on_users.rb
@@ -0,0 +1,13 @@
+class ChangeActiveToStatusOnUsers < ActiveRecord::Migration[8.1]
+  def change
+    add_column :users, :status, :integer, default: 0, null: false
+
+    reversible do |dir|
+      dir.up do
+        execute "UPDATE users SET status = 1 WHERE active = 0"
+      end
+    end
+
+    remove_column :users, :active, :boolean
+  end
+end
diff --git a/db/structure.sql b/db/structure.sql
index 78b96a9..04b58a8 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -64,12 +64,20 @@ FOREIGN KEY ("user_id")
   REFERENCES "users" ("id")
 );
 CREATE INDEX "index_webhooks_on_user_id" ON "webhooks" ("user_id");
-CREATE TABLE IF NOT EXISTS "users" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar NOT NULL, "created_at" datetime(6) NOT NULL, "updated_at" datetime(6) NOT NULL, "role" integer DEFAULT 0 NOT NULL, "email_address" varchar DEFAULT NULL, "password_digest" varchar DEFAULT NULL, "active" boolean DEFAULT 1, "bio" text DEFAULT NULL, "bot_token" varchar DEFAULT NULL);
-CREATE UNIQUE INDEX "index_users_on_email_address" ON "users" ("email_address");
-CREATE UNIQUE INDEX "index_users_on_bot_token" ON "users" ("bot_token");
 CREATE TABLE IF NOT EXISTS "active_storage_blobs" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "key" varchar NOT NULL, "filename" varchar NOT NULL, "content_type" varchar, "metadata" text, "service_name" varchar NOT NULL, "byte_size" bigint NOT NULL, "checksum" varchar, "created_at" datetime(6) NOT NULL);
 CREATE UNIQUE INDEX "index_active_storage_blobs_on_key" ON "active_storage_blobs" ("key") /*application='Campfire'*/;
+CREATE TABLE IF NOT EXISTS "bans" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "user_id" integer NOT NULL, "ip_address" varchar NOT NULL, "created_at" datetime(6) NOT NULL, "updated_at" datetime(6) NOT NULL, CONSTRAINT "fk_rails_070022cd76"
+FOREIGN KEY ("user_id")
+  REFERENCES "users" ("id")
+);
+CREATE INDEX "index_bans_on_user_id" ON "bans" ("user_id") /*application='Campfire'*/;
+CREATE INDEX "index_bans_on_ip_address" ON "bans" ("ip_address") /*application='Campfire'*/;
+CREATE TABLE IF NOT EXISTS "users" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar NOT NULL, "created_at" datetime(6) NOT NULL, "updated_at" datetime(6) NOT NULL, "role" integer DEFAULT 0 NOT NULL, "email_address" varchar, "password_digest" varchar, "bio" text, "bot_token" varchar, "status" integer DEFAULT 0 NOT NULL);
+CREATE UNIQUE INDEX "index_users_on_email_address" ON "users" ("email_address") /*application='Campfire'*/;
+CREATE UNIQUE INDEX "index_users_on_bot_token" ON "users" ("bot_token") /*application='Campfire'*/;
 INSERT INTO "schema_migrations" (version) VALUES
+('20251126115722'),
+('20251126092013'),
 ('20250825100959'),
 ('20250825100958'),
 ('20250825100957'),
diff --git a/test/controllers/concerns/block_banned_requests_test.rb b/test/controllers/concerns/block_banned_requests_test.rb
new file mode 100644
index 0000000..4018c6c
--- /dev/null
+++ b/test/controllers/concerns/block_banned_requests_test.rb
@@ -0,0 +1,32 @@
+require "test_helper"
+
+class BlockBannedRequestsTest < ActionDispatch::IntegrationTest
+  setup do
+    sign_in :david
+    @room = rooms(:watercooler)
+
+    Ban.create!(user: users(:kevin), ip_address: "203.0.113.1")
+  end
+
+  test "POST requests from banned IPs are blocked with 429" do
+    post room_messages_url(@room),
+      params: { message: { body: "Test", client_message_id: "test-123" } },
+      headers: { "REMOTE_ADDR" => "203.0.113.1" }
+
+    assert_response :too_many_requests
+  end
+
+  test "POST requests from non-banned IPs are allowed" do
+    post room_messages_url(@room, format: :turbo_stream),
+      params: { message: { body: "Test", client_message_id: "test-123" } },
+      headers: { "REMOTE_ADDR" => "203.0.113.99" }
+
+    assert_response :success
+  end
+
+  test "GET requests from banned IPs are allowed" do
+    get room_messages_url(@room), headers: { "REMOTE_ADDR" => "203.0.113.1" }
+
+    assert_response :success
+  end
+end
diff --git a/test/controllers/users/bans_controller_test.rb b/test/controllers/users/bans_controller_test.rb
new file mode 100644
index 0000000..e598320
--- /dev/null
+++ b/test/controllers/users/bans_controller_test.rb
@@ -0,0 +1,85 @@
+require "test_helper"
+
+class Users::BansControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    sign_in :david
+  end
+
+  test "create bans user and creates ban records from sessions" do
+    user = users(:kevin)
+    user.sessions.create!(ip_address: "203.0.113.1", user_agent: "Test")
+    user.sessions.create!(ip_address: "203.0.113.2", user_agent: "Test")
+
+    assert_difference -> { Ban.count }, 2 do
+      post user_ban_url(user)
+    end
+
+    assert_redirected_to user_url(user)
+    assert Ban.exists?(ip_address: "203.0.113.1", user: user)
+    assert Ban.exists?(ip_address: "203.0.113.2", user: user)
+  end
+
+  test "create destroys user sessions" do
+    user = users(:kevin)
+    user.sessions.create!(ip_address: "203.0.113.1", user_agent: "Test")
+
+    assert_difference -> { user.sessions.count }, -1 do
+      post user_ban_url(user)
+    end
+  end
+
+  test "create enqueues RemoveBannedContentJob" do
+    user = users(:kevin)
+
+    assert_enqueued_with(job: RemoveBannedContentJob, args: [ user ]) do
+      post user_ban_url(user)
+    end
+  end
+
+  test "RemoveBannedContentJob deletes messages" do
+    user = users(:kevin)
+    user.sessions.create!(ip_address: "203.0.113.1", user_agent: "Test")
+    user.messages.create!(room: rooms(:hq), body: "Test message", client_message_id: "test-123")
+
+    perform_enqueued_jobs do
+      post user_ban_url(user)
+    end
+
+    assert_empty user.reload.messages
+  end
+
+  test "non-admins cannot ban users" do
+    sign_in :kevin
+
+    post user_ban_url(users(:jz))
+
+    assert_response :forbidden
+  end
+
+  test "destroy removes ban records and sets user to active" do
+    user = users(:kevin)
+    user.sessions.create!(ip_address: "203.0.113.1", user_agent: "Test")
+    user.ban
+
+    assert user.reload.banned?
+    assert_equal 1, user.bans.count
+
+    assert_difference -> { Ban.count }, -1 do
+      delete user_ban_url(user)
+    end
+
+    assert_redirected_to user_url(user)
+    assert user.reload.active?
+  end
+
+  test "non-admins cannot unban users" do
+    sign_in :kevin
+
+    user = users(:jz)
+    user.banned!
+
+    delete user_ban_url(user)
+
+    assert_response :forbidden
+  end
+end

From c8ac87835378df557a24292c16bc15eeeac0b183 Mon Sep 17 00:00:00 2001
From: Jason Zimdars <jz@37signals.com>
Date: Wed, 26 Nov 2025 13:08:35 -0600
Subject: [PATCH 2/2] Polish banned states and confirm

---
 app/assets/images/cancel.svg            |  1 +
 app/assets/stylesheets/avatars.css      | 20 ++++++++++++++++++++
 app/views/accounts/users/_user.html.erb |  2 +-
 app/views/users/_ban_button.html.erb    | 12 +++++++-----
 app/views/users/show.html.erb           |  2 +-
 5 files changed, 30 insertions(+), 7 deletions(-)
 create mode 100644 app/assets/images/cancel.svg

diff --git a/app/assets/images/cancel.svg b/app/assets/images/cancel.svg
new file mode 100644
index 0000000..3327c05
--- /dev/null
+++ b/app/assets/images/cancel.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 2C17.5 2 22 6.5 22 12S17.5 22 12 22 2 17.5 2 12 6.5 2 12 2M12 4C10.1 4 8.4 4.6 7.1 5.7L18.3 16.9C19.3 15.5 20 13.8 20 12C20 7.6 16.4 4 12 4M16.9 18.3L5.7 7.1C4.6 8.4 4 10.1 4 12C4 16.4 7.6 20 12 20C13.9 20 15.6 19.4 16.9 18.3Z" /></svg>
\ No newline at end of file
diff --git a/app/assets/stylesheets/avatars.css b/app/assets/stylesheets/avatars.css
index 4407272..9c3b520 100644
--- a/app/assets/stylesheets/avatars.css
+++ b/app/assets/stylesheets/avatars.css
@@ -7,6 +7,7 @@
   inline-size: var(--avatar-size, 5ch);
   margin: 0;
   place-items: center;
+  position: relative;
 
   img {
     aspect-ratio: 1;
@@ -16,6 +17,25 @@
     inline-size: var(--avatar-size, 5ch);
     max-inline-size: 100%;
     object-fit: cover;
+
+    .banned & {
+      opacity: 0.5;
+    }
+  }
+
+  .banned &:after {
+    background: url(cancel.svg) no-repeat center center;
+    block-size: auto;
+    content: "";
+    filter: invert(0%);
+    inline-size: var(--avatar-size, 5ch);
+    inset: 0;
+    max-inline-size: 100%;
+    position: absolute;
+
+    @media (prefers-color-scheme: dark) {
+      filter: invert(100%);
+    }
   }
 }
 
diff --git a/app/views/accounts/users/_user.html.erb b/app/views/accounts/users/_user.html.erb
index 4f5f952..470e7f8 100644
--- a/app/views/accounts/users/_user.html.erb
+++ b/app/views/accounts/users/_user.html.erb
@@ -1,4 +1,4 @@
-<li class="flex align-center gap margin-none <%= "translucent" if user.banned? %>">
+<li class="flex align-center gap margin-none <%= "banned" if user.banned? %>">
   <figure class="avatar flex-item-no-shrink" style="--avatar-size: 3.75ch;">
     <%= avatar_tag user, loading: :lazy %>
   </figure>
diff --git a/app/views/users/_ban_button.html.erb b/app/views/users/_ban_button.html.erb
index 398b738..3cfab48 100644
--- a/app/views/users/_ban_button.html.erb
+++ b/app/views/users/_ban_button.html.erb
@@ -1,13 +1,15 @@
 <% if user.active? %>
   <%= button_to user_ban_path(user), method: :post,
-        class: "btn btn--negative full-width",
-        data: { turbo_confirm: "Are you sure you want to ban this user?" } do %>
-    Ban user
+        class: "btn full-width",
+        data: { turbo_confirm: "Are you sure you want to ban this user? This will log them out, delete their messages, and block their IP addresses." } do %>
+    <%= image_tag "cancel.svg", aria: { hidden: "true", label: "Ban #{@user.name}" } %>
+    <span>Ban <%= user.name %></span>
   <% end %>
 <% else %>
   <%= button_to user_ban_path(user), method: :delete,
-        class: "btn full-width",
+        class: "btn btn--negative full-width",
         data: { turbo_confirm: "Are you sure you want to remove the ban on this user?" } do %>
-    Remove ban
+    <%= image_tag "cancel.svg", aria: { hidden: "true", label: "Ban #{@user.name}" } %>
+    <span>Remove ban</span>
   <% end %>
 <% end %>
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 94872e6..8fb4a28 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -16,7 +16,7 @@
 <% end %>
 
 <section class="panel txt-align-center">
-  <div class="flex flex-column gap">
+  <div class="flex flex-column gap <%= "banned" if @user.banned? %>">
     <div class="avatar txt-xx-large center" style="background: white">
       <%= image_tag fresh_user_avatar_path(@user), alt: "Profile avatar", class: "avatar" %>
     </div>