From 7aea800368b2d626fb1f4a7140b8af12bce8f580 Mon Sep 17 00:00:00 2001
From: Andrew Duthie <andrew.duthie@gsa.gov>
Date: Tue, 26 Mar 2024 08:42:44 -0400
Subject: [PATCH 1/2] Order two_factor_enabled short-circuiting by usage

changelog: Internal, Performance, Optimize check for two-factor enabled account
---
 app/decorators/mfa_context.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/decorators/mfa_context.rb b/app/decorators/mfa_context.rb
index c2f42e163c9..b57ee3ddf2d 100644
--- a/app/decorators/mfa_context.rb
+++ b/app/decorators/mfa_context.rb
@@ -81,10 +81,10 @@ def two_factor_configurations
 
   def two_factor_enabled?
     return true if phone_configurations.any?(&:mfa_enabled?)
-    return true if piv_cac_configurations.any?(&:mfa_enabled?)
-    return true if auth_app_configurations.any?(&:mfa_enabled?)
-    return true if backup_code_configurations.any?(&:mfa_enabled?)
     return true if webauthn_configurations.any?(&:mfa_enabled?)
+    return true if backup_code_configurations.any?(&:mfa_enabled?)
+    return true if auth_app_configurations.any?(&:mfa_enabled?)
+    return true if piv_cac_configurations.any?(&:mfa_enabled?)
     return false
   end
 

From d33a476ff2d892c02cdb09354edb9137fae1ab90 Mon Sep 17 00:00:00 2001
From: Andrew Duthie <andrew.duthie@gsa.gov>
Date: Tue, 26 Mar 2024 08:47:33 -0400
Subject: [PATCH 2/2] Move two_factor_enabled tests to MfaContext spec

---
 spec/decorators/mfa_context_spec.rb | 16 ++++++++++++++++
 spec/models/user_spec.rb            | 14 --------------
 2 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/spec/decorators/mfa_context_spec.rb b/spec/decorators/mfa_context_spec.rb
index 1695a3132b4..dc27278444c 100644
--- a/spec/decorators/mfa_context_spec.rb
+++ b/spec/decorators/mfa_context_spec.rb
@@ -204,6 +204,22 @@
     end
   end
 
+  describe '#two_factor_enabled?' do
+    subject(:two_factor_enabled?) { mfa.two_factor_enabled? }
+
+    context 'when user has an associated mfa' do
+      let(:user) { create(:user, :with_phone) }
+
+      it { expect(two_factor_enabled?).to eq(true) }
+    end
+
+    context 'when user does not have any associated mfa' do
+      let(:user) { create(:user) }
+
+      it { expect(two_factor_enabled?).to eq(false) }
+    end
+  end
+
   describe '#enabled_mfa_methods_count' do
     context 'with 2 phones' do
       it 'returns 2' do
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 5682bcb65f1..45bbc1602d6 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -99,20 +99,6 @@
     end
   end
 
-  context '#two_factor_enabled?' do
-    it 'is true when user has a confirmed phone' do
-      user = create(:user, :with_phone)
-
-      expect(MfaPolicy.new(user).two_factor_enabled?).to eq true
-    end
-
-    it 'is false when user does not have a phone' do
-      user = create(:user)
-
-      expect(MfaPolicy.new(user).two_factor_enabled?).to eq false
-    end
-  end
-
   describe '#fully_registered?' do
     let(:user) { create(:user) }
     subject(:fully_registered?) { user.fully_registered? }