Fails if CodiMD auth method is SAML

[fdamken]

When CodiMD uses SAML for authentication, the email column is not set in the CodiMD-Database. Thus, the pads are not shown in the list in Redmine because of the query condition email IS NOT NULL in the file app/models/codimd_pad.rb.

[alexandermeindl]

This plugin requires the email address to permit redmine project users to see codimd documents with project identifier prefix. Without an email, there is no association between redmine and codimd users in this plugins. If you drop this check (like in your fork), this plugin will not work as expected with redmine project identifier prefix.

Moreover, you will see all CodiMD documets from all users in CodiMD (but this can also be wanted).

[fdamken]

Makes sense, I just took a look into my SQL-Logs of the server showing this query before my patch:

SELECT COUNT(*)
FROM Notes
INNER JOIN Users
ON Users.id = Notes.ownerId
WHERE (title is NOT NULL)
    AND (email is NOT NULL)
    AND (permission!='private' OR email IN('email@example.org'))
    AND (LOWER(title) LIKE 'key:%')

and these queries after applying my patch:

SELECT COUNT(*)
FROM Notes
INNER JOIN Users
ON Users.id = Notes.ownerId
WHERE (title is NOT NULL)
    AND (permission!='private' OR email IN('email@example.org'))
    AND (LOWER(title) LIKE 'key:%')

and then requesting the actual data:

SELECT  Notes.*
FROM Notes
INNER JOIN Users
ON Users.id = Notes.ownerId
WHERE (title is NOT NULL)
    AND (permission!='private' OR email IN('email@example.org'))
    AND (LOWER(title) LIKE 'key:%')
ORDER BY Notes.updatedAt DESC
LIMIT 25
OFFSET 0

For me it looks like the only changed part of the query is the (email is NOT NULL) part, while the mailaddress check is still included.

---

As I am in an SAML-authenticated environment, I cannot check whether it still works as expected but I expect it to do so (by reading the queries); of course this is not a guarantee, because software is software and seems to work non-deterministically :smile: