Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PGP keys aren't deleted when user is deleted #14531

Closed
2 of 6 tasks
aveao opened this issue Jan 30, 2021 · 3 comments · Fixed by #14561
Closed
2 of 6 tasks

PGP keys aren't deleted when user is deleted #14531

aveao opened this issue Jan 30, 2021 · 3 comments · Fixed by #14561
Labels
type/bug
Milestone
1.13.3

Comments

@aveao
Copy link

aveao commented Jan 30, 2021

  • Gitea version (or commit ref): Tested on both 1.13.1 and gfcfbab99f
  • Git version: 2.17.1
  • Operating system: Debian 10

Gitea is from downloads, and is running as a systemd service.

Description

Current behavior

When a user deletes their account, their pgp key(s) in pgp_key_import table isn't deleted. As such, when the user registers again with the same email and tries to add the PGP key, it causes a unique constraint violation, and gitea throws a 500.

Expected behavior

  • Bugfix: When a user deletes their account, their PGP key(s) in pgp_key_import should be deleted too.
  • Nice to have in addition to bugfix: Trying to add non-unique PGP keys should probably display a better error page.

Screenshots

500 error
@lunny lunny added the type/bug label Feb 1, 2021
@anton-khimich
Copy link
Contributor

anton-khimich commented Feb 3, 2021
edited
Loading

I'm unable to reproduce this bug at https://try.gitea.io. Could you provide instructions on how to reproduce this or has this issue already been addressed?

@aveao
Copy link
Author

aveao commented Feb 3, 2021

@anton-khimich I can still repro this on try.gitea.io.

Repro instructions:

@lunny lunny added this to the 1.13.3 milestone Feb 3, 2021
@anton-khimich
Copy link
Contributor

Okay, I think I see what the problem is. When you add a PGP key, it gets inserted into the gpg_key and gpg_key_import tables, and manually removing the PGP key deletes the key from those same tables. When a user is deleted however, the PGP key is deleted from gpg_key but not gpg_key_import. I'll see if I can fix this.

anton-khimich pushed a commit to anton-khimich/gitea that referenced this issue Feb 3, 2021
Fix GPG key deletion when user is deleted
4c62873 
Per go-gitea#14531, deleting a user account will delete the user's GPG keys
from the `gpg_key` table but not from `gpg_key_import`, which causes
an error when creating an account with the same email and attempting
to re-add the same key. This commit deletes all entries from
`gpg_key_import` that match any GPG key IDs belonging to the user.
@anton-khimich anton-khimich mentioned this issue Feb 3, 2021
Merged
lunny pushed a commit that referenced this issue Feb 4, 2021
@anton-khimich @6543
Fix gpg key deletion (#14561)
80b1d02 
* Fix GPG key deletion when user is deleted

Per #14531, deleting a user account will delete the user's GPG keys
from the `gpg_key` table but not from `gpg_key_import`, which causes
an error when creating an account with the same email and attempting
to re-add the same key. This commit deletes all entries from
`gpg_key_import` that match any GPG key IDs belonging to the user.

* Format added code in models/user.go

* Create a new function for listing GPG keys and apply it

Create a new function `listGPGKeys` and replace a previous use
of `ListGPGKeys`. Thanks to @6543 for the patch.

Co-authored-by: Anton Khimich <anton.khimicha@mail.utoronto.ca>
Co-authored-by: 6543 <6543@obermui.de>
anton-khimich pushed a commit to anton-khimich/gitea that referenced this issue Feb 4, 2021
Fix GPG key deletion during account deletion, backport of go-gitea#14561
925e6c0 


Per go-gitea#14531, deleting a user account will delete the user's GPG keys
from the `gpg_key` table but not from `gpg_key_import`, which causes
an error when creating an account with the same email and attempting
to re-add the same key. This commit deletes all entries from
`gpg_key_import` that match any GPG key IDs belonging to the user.
6543 pushed a commit that referenced this issue Feb 4, 2021
@anton-khimich
Fix GPG key deletion during account deletion (#14561) (#14569)
da7a525 
Per #14531, deleting a user account will delete the user's GPG keys
from the `gpg_key` table but not from `gpg_key_import`, which causes
an error when creating an account with the same email and attempting
to re-add the same key. This commit deletes all entries from
`gpg_key_import` that match any GPG key IDs belonging to the user.

Co-authored-by: Anton Khimich <anton.khimicha@mail.utoronto.ca>
@go-gitea go-gitea locked and limited conversation to collaborators Mar 11, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
1.13.3
Development

Successfully merging a pull request may close this issue.

Fix gpg key deletion anton-khimich/gitea
3 participants
@lunny @aveao @anton-khimich