PGP keys aren't deleted when user is deleted

[aveao]

• Gitea version (or commit ref): Tested on both 1.13.1 and gfcfbab99f
• Git version: 2.17.1
• Operating system: Debian 10

Gitea is from downloads, and is running as a systemd service.

• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (repro link N/A)
  • No
• Log gist: https://gist.github.com/aveao/481fa4aacbb7377ce202fcff780f5dd1

Description

Current behavior

When a user deletes their account, their pgp key(s) in pgp_key_import table isn't deleted. As such, when the user registers again with the same email and tries to add the PGP key, it causes a unique constraint violation, and gitea throws a 500.

Expected behavior

• Bugfix: When a user deletes their account, their PGP key(s) in pgp_key_import should be deleted too.
• Nice to have in addition to bugfix: Trying to add non-unique PGP keys should probably display a better error page.

Screenshots

[anton-khimich]

I'm unable to reproduce this bug at https://try.gitea.io. Could you provide instructions on how to reproduce this or has this issue already been addressed?

[aveao]

@anton-khimich I can still repro this on try.gitea.io.

Repro instructions:

• [Have a PGP key ready]
• Create user account A with same email as PGP key
• Go to https://try.gitea.io/user/settings/keys, add said PGP key
• (Observe that PGP key was added properly)
• Go to https://try.gitea.io/user/settings/account, delete user account
• Create user account B with same email as PGP key
• Go to https://try.gitea.io/user/settings/keys, add said PGP key
• (Observe the HTTP 500 error)

[anton-khimich]

Okay, I think I see what the problem is. When you add a PGP key, it gets inserted into the gpg_key and gpg_key_import tables, and manually removing the PGP key deletes the key from those same tables. When a user is deleted however, the PGP key is deleted from gpg_key but not gpg_key_import. I'll see if I can fix this.