move timezone_offset bound check to format_datetime

So it is checked in all cases - before it was only checked in backup
create, not backup restore.

Author: benma

src/rust/bitbox02-rust/src/hww/api/backup.rs

@@ -75,16 +75,10 @@ pub async fn create(
         timezone_offset,
     }: &pb::CreateBackupRequest,
 ) -> Result<Response, Error> {
-    const MAX_EAST_UTC_OFFSET: i32 = 50400; // 14 hours in seconds
-    const MAX_WEST_UTC_OFFSET: i32 = -43200; // 12 hours in seconds
-
-    if !(MAX_WEST_UTC_OFFSET..=MAX_EAST_UTC_OFFSET).contains(&timezone_offset) {
-        return Err(Error::InvalidInput);
-    }
-
     confirm::confirm(&confirm::Params {
         title: "Is today?",
-        body: &bitbox02::format_datetime(timestamp, timezone_offset, true),
+        body: &bitbox02::format_datetime(timestamp, timezone_offset, true)
+            .map_err(|_| Error::InvalidInput)?,
         ..Default::default()
     })
     .await?;

src/rust/bitbox02-rust/src/hww/api/restore.rs

@@ -47,7 +47,8 @@ pub async fn from_file(request: &pb::RestoreBackupRequest) -> Result<Response, E
     #[cfg(feature = "app-u2f")]
     {
         let datetime_string =
-            bitbox02::format_datetime(request.timestamp, request.timezone_offset, false);
+            bitbox02::format_datetime(request.timestamp, request.timezone_offset, false)
+                .map_err(|_| Error::InvalidInput)?;
         let params = confirm::Params {
             title: "Is now?",
             body: &datetime_string,
@@ -92,7 +93,8 @@ pub async fn from_mnemonic(
 ) -> Result<Response, Error> {
     #[cfg(feature = "app-u2f")]
     {
-        let datetime_string = bitbox02::format_datetime(timestamp, timezone_offset, false);
+        let datetime_string = bitbox02::format_datetime(timestamp, timezone_offset, false)
+            .map_err(|_| Error::InvalidInput)?;
         confirm::confirm(&confirm::Params {
             title: "Is now?",
             body: &datetime_string,

src/rust/bitbox02/src/lib.rs

@@ -135,15 +135,26 @@ pub fn strftime(timestamp: u32, format: &str) -> String {
 /// timestamp is the unix timestamp in seconds.
 /// timezone_offset is added to the timestamp, timezone part.
 /// date_only: if true, only the date is formatted. If false, both date and time are.
-pub fn format_datetime(timestamp: u32, timezone_offset: i32, date_only: bool) -> String {
-    strftime(
+pub fn format_datetime(
+    timestamp: u32,
+    timezone_offset: i32,
+    date_only: bool,
+) -> Result<String, ()> {
+    const MAX_EAST_UTC_OFFSET: i32 = 50400; // 14 hours in seconds
+    const MAX_WEST_UTC_OFFSET: i32 = -43200; // 12 hours in seconds
+
+    if !(MAX_WEST_UTC_OFFSET..=MAX_EAST_UTC_OFFSET).contains(&timezone_offset) {
+        return Err(());
+    }
+
+    Ok(strftime(
         ((timestamp as i64) + (timezone_offset as i64)) as u32,
         if date_only {
             "%a %Y-%m-%d"
         } else {
             "%a %Y-%m-%d\n%H:%M"
         },
-    )
+    ))
 }
 
 #[cfg(not(feature = "testing"))]
@@ -199,18 +210,24 @@ mod tests {
 
     #[test]
     fn test_format_datetime() {
-        assert_eq!(format_datetime(1601281809, 0, true), "Mon 2020-09-28");
+        assert_eq!(
+            format_datetime(1601281809, 0, true),
+            Ok("Mon 2020-09-28".into())
+        );
         assert_eq!(
             format_datetime(1601281809, 0, false),
-            "Mon 2020-09-28\n08:30"
+            Ok("Mon 2020-09-28\n08:30".into()),
         );
         assert_eq!(
             format_datetime(1601281809, 18000, false),
-            "Mon 2020-09-28\n13:30"
+            Ok("Mon 2020-09-28\n13:30".into()),
         );
         assert_eq!(
             format_datetime(1601281809, -32400, false),
-            "Sun 2020-09-27\n23:30"
+            Ok("Sun 2020-09-27\n23:30".into()),
         );
+
+        assert!(format_datetime(1601281809, 50401, false).is_err());
+        assert!(format_datetime(1601281809, -43201, false).is_err());
     }
 }