Ensure LogEntry only saves safe data

[elia]

Summary

Moving all the serialization/deserialization of Spree::LogEntry details to one place and using a consistent proxy attribute.

This begs for proper ActiveRecord serialization but before doing that we need to think through the migration path for existing stores.

This change is intentionally minimal, enough to allow all writers of log entries to use the same serialization method.

Checklist

Check out our PR guidelines for more details.

The following are mandatory for all PRs:

• I have written a thorough PR description.
• I have kept my commits small and atomic.
• I have used clear, explanatory commit messages.

The following are not always needed:

• 📖 I have updated the README to account for my changes.
• 📑 I have documented new code with YARD.
• 🛣️ I have opened a PR to update the guides.
• ✅ I have added automated tests to cover my changes.
• 📸 I have attached screenshots to demo visual changes.

[codecov]

Codecov Report

Merging #4950 (2804ce2) into master (0d89c89) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master    #4950   +/-   ##
=======================================
  Coverage   86.69%   86.69%           
=======================================
  Files         578      578           
  Lines       14674    14681    +7     
=======================================
+ Hits        12721    12728    +7     
  Misses       1953     1953           

Impacted Files	Coverage Δ
core/app/models/spree/log_entry.rb	100.00% <100.00%> (ø)
core/app/models/spree/payment/processing.rb	98.03% <100.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[waiting-for-dev]

Thanks @elia, that's a nice improvements. I left two suggestions to your judgment 🙂

[waiting-for-dev]

I had to double-check that create! will accept the parsed_details attribute even if it's not a table field. Non-blocking, but what do you think if we make the implementation and interface clearer by creating another method like Spree::LogEntry.log or similar?

[waiting-for-dev]

Also non-blocking, but it's easy to decouple the test from the implementation by using any Ruby object as fixture (as Object#to_yaml is part of core). Thoughts?

[elia]

@waiting-for-dev I added a few more commits, because despite the change I ended up with an exception in solidus_stripe while trying to parse a serialized hash that had symbol keys. So now we'll also safe_dump when using parsed_details=. We don't have backward compatibility concerns as parsed_details= is a new method.

I adapted all the tests for #parsed_details and shared the error handling between the two methods.

creating another method like Spree::LogEntry.log or similar?

I think this is a great idea, although the interface should probably go on the association or on the associated object. I'd say this is beyond the scope of what I meant to fix with this PR 😅

[kennyadsl]

Nice, thanks @elia!