Order two_factor_enabled short-circuiting by usage

app/decorators/mfa_context.rb

@@ -81,10 +81,10 @@ def two_factor_configurations
 
   def two_factor_enabled?
     return true if phone_configurations.any?(&:mfa_enabled?)
-    return true if piv_cac_configurations.any?(&:mfa_enabled?)
-    return true if auth_app_configurations.any?(&:mfa_enabled?)
-    return true if backup_code_configurations.any?(&:mfa_enabled?)
     return true if webauthn_configurations.any?(&:mfa_enabled?)
+    return true if backup_code_configurations.any?(&:mfa_enabled?)
+    return true if auth_app_configurations.any?(&:mfa_enabled?)
+    return true if piv_cac_configurations.any?(&:mfa_enabled?)
     return false
   end
 

spec/decorators/mfa_context_spec.rb

@@ -204,6 +204,22 @@
     end
   end
 
+  describe '#two_factor_enabled?' do
+    subject(:two_factor_enabled?) { mfa.two_factor_enabled? }
+
+    context 'when user has an associated mfa' do
+      let(:user) { create(:user, :with_phone) }
+
+      it { expect(two_factor_enabled?).to eq(true) }
+    end
+
+    context 'when user does not have any associated mfa' do
+      let(:user) { create(:user) }
+
+      it { expect(two_factor_enabled?).to eq(false) }
+    end
+  end
+
   describe '#enabled_mfa_methods_count' do
     context 'with 2 phones' do
       it 'returns 2' do

spec/models/user_spec.rb

@@ -99,20 +99,6 @@
     end
   end
 
-  context '#two_factor_enabled?' do
-    it 'is true when user has a confirmed phone' do
-      user = create(:user, :with_phone)
-
-      expect(MfaPolicy.new(user).two_factor_enabled?).to eq true
-    end
-
-    it 'is false when user does not have a phone' do
-      user = create(:user)
-
-      expect(MfaPolicy.new(user).two_factor_enabled?).to eq false
-    end
-  end
-
   describe '#fully_registered?' do
     let(:user) { create(:user) }
     subject(:fully_registered?) { user.fully_registered? }