Add tests for serialization entities, add user entity

app/serializers/commit_entity.rb

 class CommitEntity < API::Entities::RepoCommit
   include RequestAwareEntity
 
-  expose :author, using: API::Entities::UserBasic
+  expose :author, using: UserEntity
 
   expose :commit_url do |commit|
     @urls.namespace_project_tree_url(

app/serializers/deployment_entity.rb

@@ -20,7 +20,7 @@ class DeploymentEntity < Grape::Entity
 
   expose :tag
   expose :last?
-  expose :user, using: API::Entities::UserBasic
+  expose :user, using: UserEntity
   expose :commit, using: CommitEntity
   expose :deployable, using: BuildEntity
   expose :manual_actions, using: BuildEntity

app/serializers/user_entity.rb

+class UserEntity < API::Entities::UserBasic
+end

spec/serializers/build_entity_spec.rb

@@ -14,6 +14,11 @@ describe BuildEntity do
       expect(subject).to include(:build_url, :retry_url)
       expect(subject).not_to include(:play_url)
     end
+
+    it 'does not contain sensitive information' do
+      expect(subject).not_to include(/token/)
+      expect(subject).not_to include(/variables/)
+    end
   end
 
   context 'when build is a manual action' do

spec/serializers/commit_entity_spec.rb

+require 'spec_helper'
+
+describe CommitEntity do
+  let(:entity) do
+    described_class.new(commit, request: request)
+  end
+
+  let(:request) { double('request') }
+  let(:project) { create(:project) }
+  let(:commit) { project.commit }
+
+  subject { entity.as_json }
+
+  before do
+    allow(request).to receive(:project).and_return(project)
+  end
+
+  context 'when commit author is a user' do
+    before do
+      create(:user, email: commit.author_email)
+    end
+
+    it 'contains information about user' do
+      expect(subject.fetch(:author)).not_to be_nil
+    end
+  end
+
+  context 'when commit author is not a user' do
+    it 'does not contain author details' do
+      expect(subject.fetch(:author)).to be_nil
+    end
+  end
+
+  it 'contains commit URL' do
+    expect(subject).to include(:commit_url)
+  end
+
+  it 'needs to receive project in the request' do
+    expect(request).to receive(:project)
+      .and_return(project)
+
+    subject
+  end
+end

spec/serializers/user_entity_spec.rb

+require 'spec_helper'
+
+describe UserEntity do
+  let(:entity) { described_class.new(user) }
+  let(:user) { create(:user) }
+  subject { entity.as_json }
+
+  it 'exposes user name and login' do
+    expect(subject).to include(:username, :name)
+  end
+
+  it 'does not expose passwords' do
+    expect(subject).not_to include(/password/)
+  end
+
+  it 'does not expose tokens' do
+    expect(subject).not_to include(/token/)
+  end
+
+  it 'does not expose 2FA OTPs' do
+    expect(subject).not_to include(/otp/)
+  end
+end