require 'spec_helper' describe UserEntity do let(:entity) { described_class.new(user) } let(:user) { create(:user) } subject { entity.as_json } it 'exposes user name and login' do expect(subject).to include(:username, :name) end it 'does not expose passwords' do expect(subject).not_to include(/password/) end it 'does not expose tokens' do expect(subject).not_to include(/token/) end it 'does not expose 2FA OTPs' do expect(subject).not_to include(/otp/) end end