Description
- Gitea version (or commit ref): Gitea Version: 1.1.0+1-g1d65291
- Git version: git 1:2.7.4-0ubuntu1
- Operating system: Ubuntu 16.04.2 LTS
- Database (use
[x]):- PostgreSQL
- MySQL
- MSSQL
- SQLite
- Can you reproduce the bug at https://try.gitea.io:
- Yes (provide example URL) https://try.gitea.io/cdslashetc/deploy-key-test
- No
- Not relevant
- Log gist:
I was able to recreate on try.gitea by doing the following:
create private repository
add Deploy Key to repository
delete Deploy Key
add same key to user Profile
attempt to clone repository using the private key
Description
A user added a key as a Deploy Key not realizing it would be read-only. So, he removed the Deploy Key from the repository then added the same key to his user Profile instead since he is trying to use the Jenkins plugin Git Publisher to create a Tag as a post-build action, which needs to merge.
It is possible that he removed the Deploy Key after he had already added it to his user Profile. So, this problem may be related to #938
I told the user to create a new key and that of course worked fine.
In serv.log Gitea still seems to think it's the same Deploy Key rather than a normal user key:
2017/03/21 11:32:40 [...io/gitea/cmd/serv.go:216 runServ()] [F] Deploy key access denied: [key_id: 4, repo_id: 48]
2017/03/21 11:38:26 [...io/gitea/cmd/serv.go:216 runServ()] [F] Deploy key access denied: [key_id: 4, repo_id: 61]
I'd say something is going awry in the process to delete the Deploy Key. I'm not using my normal workstation today, trying to get a database tool installed and working so I can dig around in the database.
It could be sufficient just to prevent users from reusing a Deploy Key, it's a bad idea anyway for security reasons.
Screenshots
If this issue involves the Web Interface, please include a screenshot