Vote #64685

Open

Display of inline attached images in email notification

Added by Admin Redmine almost 2 years ago. Updated almost 2 years ago.

Status:
Reopend
Priority:
Normal
Assignee:
-
Category:
Attachments_19
Start date:
2009/02/18
Due date:
% Done:

0%

Estimated time:
category_id:
19
version_id:
33
issue_org_id:
2770
author_id:
460
assigned_to_id:
0
comments:
47
status_id:
8
tracker_id:
2
plus1:
10
affected_version:
closed_on:
affected_version_id:
Status-->[Reopend]

Description

Now if we would like to include attached images in the issue's description, we can use

!image_name.jpg!

This works well when the issue is displayed in the browser, but the image will not be displayed correctly in the notification mail.

So I thought that being able to upload the image before saving the issue could be a useful and flexible way.


journals

The attachments are saved before the notification is sent, so this is not the problem.
I made a few tests with the latest trunk and it works fine:

!ticket_with_inline_image.png!

Notes:
* the image is displayed in the HTML email only (no formatting is done for the plain text part)
* you may need to configure your email client to authorize inline images to be displayed
--------------------------------------------------------------------------------
Yes, you are right. This feature works well.

I have encountered a corrupted file which can't be displayed inline.

And I have tested about 10 other attached images; all of them can be displayed correctly.
--------------------------------------------------------------------------------
It seems it doesn't work any longer. I've created Defect #5672
--------------------------------------------------------------------------------
Same here: images are not displayed in email notifications.
--------------------------------------------------------------------------------
Was this problem ever discovered? We're still experiencing problems with the initial notification emails - all update emails for the same issue that go out are fine (see attachments).

The +initial+ notification email that goes out contains just the original filename (e.g. <img src="Australia_85283.gif" alt="" />); any future update emails for the issue that go out contain the proper reference (i.e. <img src="http://testmethistime.com/attachments/download/363" alt="" />).
--------------------------------------------------------------------------------
The problem is that the issues.attachment attribute doesn't have anything in it by the time it reaches parse_inline_attachments (source:trunk/app/helpers/application_helper.rb#L504). (The attachments are saved in source:trunk/app/controllers/issues_controller.rb#L138 in the create action.)

I'm not a Ruby developer, so I'm not sure how to go about fixing it. I tried @obj.attachments(true)@ because the ActiveRecord docs say that skips caching ("here":http://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html), but that didn't work.

How do you go about re-loading those?
--------------------------------------------------------------------------------
Figured it out. The mailer is sending out the message as soon as the issue is created, which is before attachments are added: source:trunk/app/models/issue_observer.rb.

Now-- how to fix it? Delay the mailer until later in the creation process, or create the attachments in such a way that they are already on the issue when it gets saved?
--------------------------------------------------------------------------------
This patch fixes the issue, but in a hackish way.
--------------------------------------------------------------------------------
And now I see why it was done that way: The same code is needed in app/models/mail_handler.rb, and the same probably needed for issue updates after their attachments are... attached.
--------------------------------------------------------------------------------
Indeed, generation of link URL needs an already persisted Attachment object and attachments are persisted after issue at creation (but before issue on issue update).
--------------------------------------------------------------------------------
+1
--------------------------------------------------------------------------------

I'm not sure if what I'm experiencing is exactly this issue (or just a related one, as it affects only non-public projects), so feel free to point to the correct issue & I'll copy my comment there.

What we are seeing is that the requests for images from the email are being denied for security reasons (whereas gmail requests are within the same browser that is logged into redmine, so they work).

<pre>
127.6.12.34 - - [2013-01-31T18:03:36+00:00] "GET /attachments/download/552 HTTP/1.1" 302 169 0.020
127.6.12.34 - - [2013-01-31T18:03:36+00:00] "GET /login?back_url=http%3A%2F%2Four.redmine.host.com%2Fattachments%2Fdownload%2F552 HTTP/1.1" 200 4170 0.040
</pre>

As such, my recommended fix (while maintaining *some* form of security) is that:
# a new 'shared secret' field be added to the attachment table
# that it be auto-populated with a random but ascii-nice hash
# that urls to attachments from emails should include this shared secret (e.g. "/attachments/download/552/3MXtKsTQ")
# that the attachment controller accept the hash and release the data to the email client

Variations might include the secret being per-ticket, or per-user (!), or changing with time/privileges (but breaks old emails).

--------------------------------------------------------------------------------
Come to think of it... lacing the url with the user's api key (e.g. as a query string) might already be a workable solution.
--------------------------------------------------------------------------------
While not everyone would be happy with this, I would personally (on my particular install) not have an issue with removing the authentication requirement on the ??attachments?? folder. Could this be done by modifying the apache config upstream of any processing by thin/mongrel/etc.?

If so, would anyone with better Apache than me mind suggesting how to prefix the existing config? Mine (the default Bitnami install) currently reads:
<pre>
ProxyPass /redmine balancer://redminecluster
ProxyPassReverse /redmine balancer://redminecluster

<Proxy balancer://redminecluster>
BalancerMember http://127.0.0.1:3001/redmine
BalancerMember http://127.0.0.1:3002/redmine
</Proxy>
</pre>
--------------------------------------------------------------------------------
Scratch that - just realised that you can't retrieve the full file path from the URL request without DB lookups, so the request has to be processed by redmine.
--------------------------------------------------------------------------------
OK, so a quick hack for those in the same position as me (i.e. not too concerned about login security for attachment retrieval) is to use the attached patch.
*NOTE:* I've not used patch/diff before, so it may not be in the right format. If in doubt, the line proposed should be added at attachments_controller.rb after line 22.

I would love a proper (read: secure) fix, however, along the lines suggested by Robert Hailey. Is there a security concern with handing out the API key over email and putting it in every image URL?
--------------------------------------------------------------------------------

Wow thanks for the patch, this is really helpful.

Al McNicoll wrote:
> *NOTE:* I've not used patch/diff before, so it may not be in the right format. If in doubt, the line proposed should be added at attachments_controller.rb after line 22.

Yea, even a line number is still a bit shaky without a version number (& unmodified sources).

I was told some time ago that the customary way to run diff is one of two equivalent ways:

<pre>
diff -wub $ORIGINAL $MODIFIED
diff -wub original/file.ext{.bak,}
</pre>

...and that is now a habit, I don't think I use diff any other way.

I've taken the liberty of reformulating your patch (attached & seen below). Although I'm quite sure, it might be good to object if the added line is in the wrong place.

<pre>
--- app/controllers/attachments_controller.rb.bak 2013-02-14 09:43:05.000000000 -0600
+++ app/controllers/attachments_controller.rb 2013-02-14 09:43:26.000000000 -0600
@@ -20,6 +20,7 @@
before_filter :file_readable, :read_authorize, :only => [:show, :download]
before_filter :delete_authorize, :only => :destroy
before_filter :authorize_global, :only => :upload
+ skip_before_filter :check_if_login_required

accept_api_auth :show, :download, :upload
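Review bot: the added skip_before_filter :check_if_login_required line carries no :only option, so that filter is skipped for every action in this controller, including show, destroy and upload, when a mail client only ever requests download. Scope it as skip_before_filter :check_if_login_required, :only => :download. The read_authorize filter on the first context line still applies to download, so this hunk on its own leaves the per-attachment permission check in place.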
</pre>

--------------------------------------------------------------------------------
Unfortunately McNicoll's patch does not work for me (version 1.4.x), I have to disable the read_authorize filter too:

<pre>
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index cb975e8..46bd8ef 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -17,9 +17,10 @@

class AttachmentsController < ApplicationController
before_filter :find_project, :except => :upload
- before_filter :file_readable, :read_authorize, :only => [:show, :download]
+ before_filter :file_readable, :read_authorize, :only => :show
before_filter :delete_authorize, :only => :destroy
before_filter :authorize_global, :only => :upload
+ skip_before_filter :check_if_login_required, :only => :download

accept_api_auth :show, :download, :upload
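Review bot: the rewritten before_filter line narrows both file_readable and read_authorize to :show, so download loses the readability check together with the authorization check, and find_project is the only filter in this list that still applies to it. If anonymous download is really intended, split the line so that file_readable keeps :only => [:show, :download] and only read_authorize is narrowed, and add a comment marking the skip as a deliberate weakening.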
</pre>

--------------------------------------------------------------------------------
+1 to solve this.
A lot of my users complain about having to log in to Redmine just to see the in-line image.
How about having an option to attach the image in the email body? The mail will become bigger, but it may be a lesser price to pay to have the image in the email.

--------------------------------------------------------------------------------
Fernando Hartmann wrote:
> How about having an option to attach the image in the email body? The mail will become bigger, but it may be a lesser price to pay to have the image in the email.

That's actually what my patches in #3760 do.

--------------------------------------------------------------------------------
Brian Crowell wrote:
> That's actually what my patches in #3760 do.

So I suggest these two and #12516 should be set as related
--------------------------------------------------------------------------------
Sorry for the duplicate update. Hit Refresh in the browser.

--------------------------------------------------------------------------------
+1 for this :)
--------------------------------------------------------------------------------
+1

I would prefer having the configuration options:
* Either allow downloading the email attached images without login.
* Or enclose the images directly into the email body (multipart emails work fine these days to me with the QR-code images).
* Or keep the current behavior - i.e. the email images are completely useless as the email client cannot log into Redmine to download it (well, may be that some email clients can be configured for this - I am using Apple Mail and have no idea how to achieve this).
--------------------------------------------------------------------------------
+1 for *any* of the proposed solutions
--------------------------------------------------------------------------------
+1 we encounter the same problem on a Redmine server running over HTTPS.

The inline images do not display in Apple Mail, instead the user sees a question mark.
--------------------------------------------------------------------------------
Hey guys!

Here is a solution using multipart emails: https://github.com/dkalachov/redmine_email_images

Tested on redmine 2.6 and 3.0.
--------------------------------------------------------------------------------
Can't upload attachments when creating a new issue or updating via email.

<pre>
huanghanzhen@ee-200:~/rubyworkspace/function_tracker/redmine-3.0.3$ rake redmine:email:receive_pop3 RAILS_ENV="production" host=fg-pop.chthibox.net username=xxxx password=xxxx folder=Inbox project=test allow_override=project --trace
** Invoke redmine:email:receive_pop3 (first_time)
** Invoke environment (first_time)
** Execute environment
** Execute redmine:email:receive_pop3
undefined method `charset' for nil:NilClass
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/plugins/redmine_email_images/lib/email_receive_inline_patch.rb:43:in `decode_part_body'
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/plugins/redmine_email_images/lib/email_receive_inline_patch.rb:28:in `decoded_html'
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/plugins/redmine_email_images/lib/email_receive_inline_patch.rb:15:in `add_attachments_with_remove_inline_images'
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/app/models/mail_handler.rb:206:in `receive_issue'
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/app/models/mail_handler.rb:182:in `dispatch_to_default'
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/app/models/mail_handler.rb:167:in `dispatch'
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/app/models/mail_handler.rb:142:in `receive'
/var/lib/gems/2.1.0/gems/actionmailer-4.2.1/lib/action_mailer/base.rb:530:in `block in receive'
/var/lib/gems/2.1.0/gems/activesupport-4.2.1/lib/active_support/notifications.rb:164:in `block in instrument'
/var/lib/gems/2.1.0/gems/activesupport-4.2.1/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
/var/lib/gems/2.1.0/gems/activesupport-4.2.1/lib/active_support/notifications.rb:164:in `instrument'
/var/lib/gems/2.1.0/gems/actionmailer-4.2.1/lib/action_mailer/base.rb:527:in `receive'
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/app/models/mail_handler.rb:46:in `receive'
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/app/models/mail_handler.rb:51:in `safe_receive'
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/lib/redmine/pop3.rb:51:in `block (2 levels) in check'
/usr/lib/ruby/2.1.0/net/pop.rb:665:in `each'
/usr/lib/ruby/2.1.0/net/pop.rb:665:in `each_mail'
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/lib/redmine/pop3.rb:48:in `block in check'
/usr/lib/ruby/2.1.0/net/pop.rb:531:in `start'
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/lib/redmine/pop3.rb:43:in `check'
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/lib/tasks/email.rake:161:in `block (4 levels) in <top (required)>'
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/app/models/mailer.rb:383:in `with_synched_deliveries'
/home/huanghanzhen/rubyworkspace/function_tracker/redmine-3.0.3/lib/tasks/email.rake:160:in `block (3 levels) in <top (required)>'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:240:in `call'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:240:in `block in execute'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:235:in `each'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:235:in `execute'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:179:in `block in invoke_with_call_chain'
/usr/lib/ruby/2.1.0/monitor.rb:211:in `mon_synchronize'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:172:in `invoke_with_call_chain'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:165:in `invoke'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:150:in `invoke_task'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:106:in `block (2 levels) in top_level'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:106:in `each'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:106:in `block in top_level'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:115:in `run_with_threads'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:100:in `top_level'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:78:in `block in run'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:176:in `standard_exception_handling'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:75:in `run'
/var/lib/gems/2.1.0/gems/rake-10.4.2/bin/rake:33:in `<top (required)>'
/usr/local/bin/rake:23:in `load'
/usr/local/bin/rake:23:in `<main>'
</pre>
--------------------------------------------------------------------------------
+1
--------------------------------------------------------------------------------
+1. Any ideas for fixing this issue?
--------------------------------------------------------------------------------
+1. Is there an update about this issue?
--------------------------------------------------------------------------------
With slight modification to @Robert Hailey, the fix works for Redmine v3.4.4-stable.

<pre><code class="diff">
--- attachments_controller.rb.old 2019-05-05 17:33:49.050841458 +0800
+++ attachments_controller.rb 2019-05-05 17:39:45.647950163 +0800
@@ -18,7 +18,7 @@
class AttachmentsController < ApplicationController
before_action :find_attachment, :only => [:show, :download, :thumbnail, :update, :destroy]
before_action :find_editable_attachments, :only => [:edit_all, :update_all]
- before_action :file_readable, :read_authorize, :only => [:show, :download, :thumbnail]
+ before_action :file_readable, :read_authorize, :only => [:show, :thumbnail]
before_action :update_authorize, :only => :update
before_action :delete_authorize, :only => :destroy
before_action :authorize_global, :only => :upload
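Review bot: dropping :download from the file_readable / read_authorize line leaves find_attachment as the only before_action in this list that still applies to download, so show and thumbnail stay permission-checked while the same file can be fetched through download with no check at all. Keep read_authorize on download and let the mail client authenticate instead, for example with a key in the image URL as proposed earlier in this thread.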
@@ -27,6 +27,9 @@
# MIME type text/javascript.
skip_after_action :verify_same_origin_request, :only => :download

+ # INSECURE: download attachments without login, fix for showing images in email
+ skip_before_action :check_if_login_required, :only => :download
+
accept_api_auth :show, :download, :thumbnail, :upload, :update, :destroy

def show
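Review bot: the new comment gives the purpose as showing images in email, but skip_before_action :check_if_login_required, :only => :download applies to every attachment type, not only images. Limit the unauthenticated path to image attachments or put it behind an administrator setting that defaults to off, and extend the comment to say that, together with the read_authorize change above, attachments of non-public projects become readable without login.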
</code></pre>
--------------------------------------------------------------------------------
Guys, what kind of plugin works on version 4.0.2?
--------------------------------------------------------------------------------
Nick Nick wrote:
> Guys, what kind of plugin works on version 4.0.2?

I'm interested too.
--------------------------------------------------------------------------------
Since now each user receives their own email message, it could be solved using tokens in URLs (similar to Atom feeds). All images in the email message could use URLs like @https://example.com/attachments/download/123/image.png?key=somerandomtoken@ - the server could identify the user by the token and check if they have permission to see this image.
--------------------------------------------------------------------------------
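Added example, not part of the original thread and not Redmine code: an illustration of the keyed image URL proposed in the comments above (a shared secret in the attachment URL, and a per-user token the server maps back to a user), generalised to a key bound to one user and one attachment with an expiry. The module name @MailImageKey@, its methods, the @can_view@ callback standing in for the application's permission check, the server-side secret and all sample values are assumptions made for illustration.

```ruby
require 'openssl'

# Added illustration, not Redmine code. All names here are hypothetical; the
# secret is assumed to live in server-side configuration only.
module MailImageKey
  FORMAT = /\A(\d+)-(\d+)-(\d+)-(\h{64})\z/

  def self.mac(secret, user_id, attachment_id, expires)
    OpenSSL::HMAC.hexdigest('SHA256', secret, "#{user_id}:#{attachment_id}:#{expires}")
  end

  # Key for one recipient and one attachment, valid until expires_at.
  def self.issue(secret, user_id:, attachment_id:, expires_at:)
    exp = expires_at.to_i
    "#{user_id}-#{attachment_id}-#{exp}-#{mac(secret, user_id, attachment_id, exp)}"
  end

  # URL shape suggested in the thread: /attachments/download/<id>/<name>?key=...
  def self.url(base, attachment_id, filename, key)
    "#{base}/attachments/download/#{attachment_id}/#{filename}?key=#{key}"
  end

  # Comparison that does not stop at the first differing byte.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Returns the user id the key was issued to, or nil if the key is malformed,
  # forged, expired, or was issued for a different attachment.
  def self.verify(secret, key, attachment_id:, now: Time.now)
    m = FORMAT.match(key.to_s) or return nil
    # The MAC is checked over the fields exactly as received, before any use.
    return nil unless secure_equal?(m[4], mac(secret, m[1], m[2], m[3]))
    return nil unless m[2].to_i == attachment_id && now.to_i <= m[3].to_i
    m[1].to_i
  end

  # Decision a download action would take. The permission check still runs,
  # so a key never grants more than its user could see after logging in.
  def self.decide(secret, key, attachment_id:, can_view:, now: Time.now)
    user_id = verify(secret, key, attachment_id: attachment_id, now: now)
    return :login_required if user_id.nil?
    can_view.call(user_id, attachment_id) ? :send_file : :forbidden
  end
end

# Constructed sample data: user 7 may see attachment 552, key valid 30 days.
SECRET   = 'constructed-demo-secret'
ISSUED   = Time.at(1_700_000_000)
KEY      = MailImageKey.issue(SECRET, user_id: 7, attachment_id: 552,
                              expires_at: ISSUED + 30 * 86_400)
CAN_VIEW = ->(user_id, attachment_id) { user_id == 7 && attachment_id == 552 }

puts MailImageKey.url('https://redmine.example', 552, 'image.png', KEY)
puts MailImageKey.decide(SECRET, KEY, attachment_id: 552,
                         can_view: CAN_VIEW, now: ISSUED + 3600)
```

Because the key names a single attachment and the permission check still runs, a forwarded e-mail exposes at most that one image until the expiry, unlike placing an account-wide API key in every image URL.
--------------------------------------------------------------------------------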
If someone knows how to fix that (allow everyone to access attachments to display them in mails), I'm interested too.
--------------------------------------------------------------------------------
yes, me too. I'm very sad v4 broke the plugin that was making this work. It seems like a good core feature.
--------------------------------------------------------------------------------
+1 for 4.1.1 stable
--------------------------------------------------------------------------------
Sunding Wei wrote:
> With slight modification to @Robert Hailey, the fix works for Redmine v3.4.4-stable.
>
> [...]

I use this modification for 4.1.1 stable and it works great! Good job Wei!
--------------------------------------------------------------------------------
Amazing, after 12 years, we still want this missing feature, and toast for long-lived Redmine! The patch still works for Redmine 4.2.x

<pre><code class="diff">
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 1956f01e3..d8d8895da 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -24,7 +24,7 @@ class AttachmentsController < ApplicationController
before_action :find_container, :only => [:edit_all, :update_all, :download_all]
before_action :find_downloadable_attachments, :only => :download_all
before_action :find_editable_attachments, :only => [:edit_all, :update_all]
- before_action :file_readable, :read_authorize, :only => [:show, :download, :thumbnail]
+ before_action :file_readable, :read_authorize, :only => [:show, :thumbnail]
before_action :update_authorize, :only => :update
before_action :delete_authorize, :only => :destroy
before_action :authorize_global, :only => :upload
@@ -33,6 +33,9 @@ class AttachmentsController < ApplicationController
# MIME type text/javascript.
skip_after_action :verify_same_origin_request, :only => :download

+ # INSECURE: download attachments without login, fix for showing images in email
+ skip_before_action :check_if_login_required, :only => :download
+
accept_api_auth :show, :download, :thumbnail, :upload, :update, :destroy

def show
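Review bot: the added skip sits directly below skip_after_action :verify_same_origin_request, :only => :download, so after this hunk download is exempt from both the same-origin verification and the login check, and per the context comment that covers attachments with MIME type text/javascript as well. Restrict the login exemption to requests for image attachments so that script and document attachments keep the login requirement.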
</code></pre>
--------------------------------------------------------------------------------
Sunding Wei wrote:
> Amazing, after 12 years, we still want this missing feature, and toast for long-lived Redmine! The patch still works for Redmine 4.2.x
>
> [...]

Hi Wei,
I just tested it on Redmine 4.2.2 and it doesn't work. Something blocked it.

Here is my setup:
<pre>
Environment:
Redmine version 4.2.2.stable
Ruby version 2.6.6-p146 (2020-03-31) [x64-mingw32]
Rails version 5.2.6
Environment production
Database adapter Mysql2
Mailer queue ActiveJob::QueueAdapters::AsyncAdapter
Mailer delivery smtp
SCM:
Filesystem
Redmine plugins:
redmine_custom_workflows 1.0.3
redmine_extended_watchers 4.2.0
redmine_home_page_redirector 1.0.0
redmine_lightbox2 0.5.0
redmine_wysiwyg_editor 0.21.0
</pre>
--------------------------------------------------------------------------------
David Doležal wrote:
> Sunding Wei wrote:
> > Amazing, after 12 years, we still want this missing feature, and toast for long-lived Redmine! The patch still works for Redmine 4.2.x
> >
> > [...]
>
> Hi Wei,
> I just tested it on Redmine 4.2.2 and it doesn't work. Something blocked it.
>
> Here is my setup:
> [...]

Hi there, so I solved this on my own. The problem was in security policies...
--------------------------------------------------------------------------------
David Doležal wrote:
> Sunding Wei wrote:
> > Amazing, after 12 years, we still want this missing feature, and toast for long-lived Redmine! The patch still works for Redmine 4.2.x
> >
> > [...]
>
> Hi Wei,
> I just tested it on Redmine 4.2.2 and it doesn't work. Something blocked it.
>
> Here is my setup:
> [...]

Hi there,
I just installed latest stable 4.2.4 and I have the same sh*t again...

<pre>
class AttachmentsController < ApplicationController
include ActionView::Helpers::NumberHelper

before_action :find_attachment, :only => [:show, :download, :thumbnail, :update, :destroy]
before_action :find_container, :only => [:edit_all, :update_all, :download_all]
before_action :find_downloadable_attachments, :only => :download_all
before_action :find_editable_attachments, :only => [:edit_all, :update_all]
# before_action :file_readable, :read_authorize, :only => [:show, :download, :thumbnail]
before_action :file_readable, :read_authorize, :only => [:show, :thumbnail]
before_action :update_authorize, :only => :update
before_action :delete_authorize, :only => :destroy
before_action :authorize_global, :only => :upload

# Disable check for same origin requests for JS files, i.e. attachments with
# MIME type text/javascript.
skip_after_action :verify_same_origin_request, :only => :download

# INSECURE: download attachments without login, fix for showing images in email
skip_before_action :check_if_login_required, :only => :download
</pre>

I had a problem with security last time, but this time I'm 95% sure that everything fits correctly. Any idea where I made a mistake or what to check?

In the pics below I show how it (doesn't) work now.
--------------------------------------------------------------------------------
Working for me on 4.1.6

Why doesn't the maintainer merge a fix so that we don't have to bother applying this patch? It's a very nice feature.

Bye
--------------------------------------------------------------------------------
David Doležal wrote:
> David Doležal wrote:
> > Sunding Wei wrote:
> > > Amazing, after 12 years, we still want this missing feature, and toast for long-lived Redmine! The patch still works for Redmine 4.2.x
> > >
> > > [...]
> >
> > Hi Wei,
> > I just tested it on Redmine 4.2.2 and it doesn't work. Something blocked it.
> >
> > Here is my setup:
> > [...]
>
> Hi there,
> I just installed latest stable 4.2.4 and I have the same sh*t again...
>
> [...]
>
> I had a problem with security last time, but this time I'm 95% sure that everything fits correctly. Any idea where I made a mistake or what to check?
>
> In the pics below I show how it (doesn't) work now.

I just found that 5% of sure... It looks like the problem is not in this patch, but in the database. I tested a fresh installation of REDMINE 4.2.4 with its own (test) database and it worked OK. After that I took the production database from a different machine, replaced the test database and it doesn't work. Pictures aren't visible in the email body.

Do you have any idea what I do wrong? Thanks for help.
--------------------------------------------------------------------------------
David Doležal wrote:
> David Doležal wrote:
> > David Doležal wrote:
> > > Sunding Wei wrote:
> > > > Amazing, after 12 years, we still want this missing feature, and toast for long-lived Redmine! The patch still works for Redmine 4.2.x
> > > >
> > > > [...]
> > >
> > > Hi Wei,
> > > I just tested it on Redmine 4.2.2 and it doesn't work. Something blocked it.
> > >
> > > Here is my setup:
> > > [...]
> >
> > Hi there,
> > I just installed latest stable 4.2.4 and I have the same sh*t again...
> >
> > [...]
> >
> > I had a problem with security last time, but this time I'm 95% sure that everything fits correctly. Any idea where I made a mistake or what to check?
> >
> > In the pics below I show how it (doesn't) work now.
>
> I just found that 5% of sure... It looks like the problem is not in this patch, but in the database. I tested a fresh installation of REDMINE 4.2.4 with its own (test) database and it worked OK. After that I took the production database from a different machine, replaced the test database and it doesn't work. Pictures aren't visible in the email body.
>
> Do you have any idea what I do wrong? Thanks for help.

Nobody? :-(

--------------------------------------------------------------------------------


related_issues

relates,New,3760,E-mail notifications for issue update/creation should include the attachments in the email
relates,Closed,16989,Inline images in email does not appear when thumbnail macro is used.
duplicates,Closed,9131,Link to attachment broken in notification email at issue creation
duplicates,Closed,5672,Inline images in issues description don't have a full path in emails.
