Do not include sensitive information in the inspect

I'd like to add this functionality to filter out sensitive information because these are exposed when an exception occurs.
In my case, I had to manually catch any exception that could occur and send them to an error tracker and noticed that all these attributes were exposed.

Of course, the main problem was that my code resulted in throwing this exception, but to me it also felt like a good suggestion to filter these attributes so they aren't unintentionally being exposed.

Author: manuelvanrijn

lib/oauth2.rb

@@ -10,6 +10,7 @@
 
 # includes gem files
 require 'oauth2/version'
+require 'oauth2/filtered_attributes'
 require 'oauth2/error'
 require 'oauth2/authenticator'
 require 'oauth2/client'

lib/oauth2/access_token.rb

@@ -6,8 +6,11 @@ class AccessToken # rubocop:disable Metrics/ClassLength
     TOKEN_KEYS_SYM = %i[access_token id_token token accessToken idToken].freeze
     TOKEN_KEY_LOOKUP = TOKEN_KEYS_STR + TOKEN_KEYS_SYM
 
+    include FilteredAttributes
+
     attr_reader :client, :token, :expires_in, :expires_at, :expires_latency, :params
     attr_accessor :options, :refresh_token, :response
+    filtered_attributes :token, :refresh_token
 
     class << self
       # Initializes an AccessToken from a Hash

lib/oauth2/authenticator.rb

@@ -4,7 +4,10 @@
 
 module OAuth2
   class Authenticator
+    include FilteredAttributes
+
     attr_reader :mode, :id, :secret
+    filtered_attributes :secret
 
     def initialize(id, secret, mode)
       @id = id

lib/oauth2/client.rb

@@ -16,9 +16,12 @@ module OAuth2
   class Client # rubocop:disable Metrics/ClassLength
     RESERVED_PARAM_KEYS = %w[body headers params parse snaky].freeze
 
+    include FilteredAttributes
+
     attr_reader :id, :secret, :site
     attr_accessor :options
     attr_writer :connection
+    filtered_attributes :secret
 
     # Instantiate a new OAuth 2.0 client using the
     # Client ID and Client Secret registered to your

lib/oauth2/filtered_attributes.rb

@@ -0,0 +1,31 @@
+module OAuth2
+  module FilteredAttributes
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      def filtered_attributes(*attributes)
+        @filtered_attribute_names = attributes.map(&:to_sym)
+      end
+
+      def filtered_attribute_names
+        @filtered_attribute_names || []
+      end
+    end
+
+    def inspect
+      filtered_attribute_names = self.class.filtered_attribute_names
+      return super if filtered_attribute_names.empty?
+
+      inspected_vars = instance_variables.map do |var|
+        if filtered_attribute_names.any? { |filtered_var| var.to_s.include?(filtered_var.to_s) }
+          "#{var}=[FILTERED]"
+        else
+          "#{var}=#{instance_variable_get(var).inspect}"
+        end
+      end
+      "#<#{self.class}:#{object_id} #{inspected_vars.join(', ')}>"
+    end
+  end
+end

spec/oauth2/access_token_spec.rb

@@ -741,4 +741,16 @@ def self.contains_token?(hash)
       expect(access_token.to_hash).to eq(hash)
     end
   end
+
+  describe '#inspect' do
+    let(:inspect_result) { described_class.new(nil, 'secret-token', { refresh_token: 'secret-refresh-token' }).inspect }
+
+    it 'filters out the @token value' do
+      expect(inspect_result).to include('@token=[FILTERED]')
+    end
+
+    it 'filters out the @refresh_token value' do
+      expect(inspect_result).to include('@refresh_token=[FILTERED]')
+    end
+  end
 end

spec/oauth2/authenticator_spec.rb

@@ -123,4 +123,10 @@
       end
     end
   end
+
+  describe '#inspect' do
+    it 'filters out the @secret value' do
+      expect(subject.inspect).to include('@secret=[FILTERED]')
+    end
+  end
 end

spec/oauth2/client_spec.rb

@@ -967,4 +967,10 @@ def stubbed_client(params = {}, &stubs)
       expect(subject.connection.builder.handlers).to include(Faraday::Request::UrlEncoded)
     end
   end
+
+  describe '#inspect' do
+    it 'filters out the @secret value' do
+      expect(subject.inspect).to include('@secret=[FILTERED]')
+    end
+  end
 end