Fix #249: leaking of options and internals in default serialization.

dblock · dblock · commit 4eede6b0ebb1 · 2016-11-20T10:08:39.000-05:00
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
@@ -1,42 +1,45 @@
-# This configuration was generated by `rubocop --auto-gen-config`
-# on 2015-08-10 13:14:22 +0300 using RuboCop version 0.31.0.
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2016-11-20 10:04:42 -0500 using RuboCop version 0.45.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
 # Offense count: 6
 Metrics/AbcSize:
-  Max: 33
+  Max: 32
 
 # Offense count: 2
 # Configuration parameters: CountComments.
 Metrics/ClassLength:
-  Max: 202
+  Max: 206
 
 # Offense count: 3
 Metrics/CyclomaticComplexity:
   Max: 11
 
-# Offense count: 210
-# Configuration parameters: AllowURI, URISchemes.
+# Offense count: 237
+# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives.
+# URISchemes: http, https
 Metrics/LineLength:
   Max: 146
 
-# Offense count: 8
+# Offense count: 6
 # Configuration parameters: CountComments.
 Metrics/MethodLength:
   Max: 28
 
-# Offense count: 5
+# Offense count: 2
 Metrics/PerceivedComplexity:
   Max: 13
 
-# Offense count: 58
+# Offense count: 33
 Style/Documentation:
   Enabled: false
 
 # Offense count: 1
-# Configuration parameters: Exclude.
+# Configuration parameters: ExpectMatchingDefinition, Regex, IgnoreExecutableScripts.
 Style/FileName:
-  Enabled: false
+  Exclude:
+    - 'lib/grape-entity.rb'
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,4 @@
-### Next
+### 0.6.0 (Next)
 
 #### Features
 
@@ -7,6 +7,7 @@
 
 #### Fixes
 
+* [#249](https://github.com/ruby-grape/grape-entity/issues/249): Fix leaking of options and internals in default serialization - [@dblock](https://github.com/dblock), [@KingsleyKelly](https://github.com/KingsleyKelly).
 * [#248](https://github.com/ruby-grape/grape-entity/pull/248): Fix `nil` values causing errors when `merge` option passed - [@arempe93](https://github.com/arempe93).
 * Your contribution here.
 
diff --git a/UPGRADING.md b/UPGRADING.md
@@ -1,8 +1,18 @@
 Upgrading Grape Entity
 ===============
 
+### Upgrading to >= 0.6.0
+
+#### Changes in Grape::Entity#inspect
+
+The `Grape::Entity#inspect` method will no longer serialize the entity presenter with its options and delegator, but the exposed entity itself, using `#serializable_hash`.
+
+See [#250](https://github.com/ruby-grape/grape-entity/pull/250) for more information.
+
 ### Upgrading to >= 0.5.1
 
-* `Grape::Entity::Exposure::NestingExposure::NestedExposures.delete_if` always
-returns exposures, regardless of delete result (used to be
-`nil` in negative case), see [#203](https://github.com/ruby-grape/grape-entity/pull/203).
+#### Changes in NestedExposures.delete_if
+
+`Grape::Entity::Exposure::NestingExposure::NestedExposures.delete_if` always returns exposures, regardless of delete result (used to be `nil` in negative case).
+
+See [#203](https://github.com/ruby-grape/grape-entity/pull/203) for more information.
diff --git a/lib/grape_entity/entity.rb b/lib/grape_entity/entity.rb
@@ -424,6 +424,12 @@ def presented
       end
     end
 
+    # Prevent default serialization of :options or :delegator.
+    def inspect
+      fields = serializable_hash.map { |k, v| "#{k}=#{v}" }
+      "#<#{self.class.name}:#{object_id} #{fields.join(' ')}>"
+    end
+
     def initialize(object, options = {})
       @object = object
       @delegator = Delegator.new object
diff --git a/lib/grape_entity/version.rb b/lib/grape_entity/version.rb
@@ -1,3 +1,3 @@
 module GrapeEntity
-  VERSION = '0.5.2'.freeze
+  VERSION = '0.6.0'.freeze
 end
diff --git a/spec/grape_entity/entity_spec.rb b/spec/grape_entity/entity_spec.rb
@@ -1347,6 +1347,22 @@ class NoPathCharacterEntity < Grape::Entity
       end
     end
 
+    describe '#inspect' do
+      before do
+        fresh_class.class_eval do
+          expose :name, :email
+        end
+      end
+
+      it 'does not serialize delegator or options' do
+        data = subject.inspect
+        expect(data).to include 'name='
+        expect(data).to include 'email='
+        expect(data).to_not include '@options'
+        expect(data).to_not include '@delegator'
+      end
+    end
+
     describe '#value_for' do
       before do
         fresh_class.class_eval do
