require'spec_helper'describeUserEntitydolet(:entity){described_class.new(user)}let(:user){create(:user)}subject{entity.as_json}it'exposes user name and login'doexpect(subject).toinclude(:username,:name)endit'does not expose passwords'doexpect(subject).not_toinclude(/password/)endit'does not expose tokens'doexpect(subject).not_toinclude(/token/)endit'does not expose 2FA OTPs'doexpect(subject).not_toinclude(/otp/)endend