From 9e40431d3a40ff4bada01588a1cb1050721fcf13 Mon Sep 17 00:00:00 2001
From: Sojan Jose <sojan@pepalo.com>
Date: Mon, 9 Mar 2026 08:04:36 -0700
Subject: [PATCH] feat: show MFA status on Super Admin user page (#13724)

This PR adds an MFA row to the individual Super Admin user page and
shows the current state as Enabled or Disabled with a compact status
badge.

Fixes #13723

## Screens

<img width="1370" height="1043" alt="image"
src="https://github.com/user-attachments/assets/b9fee284-43b7-4bbb-9f60-b71ab34b96b7"
/>


<img width="1370" height="1043" alt="image"
src="https://github.com/user-attachments/assets/23c5e6d3-24b8-40d2-9134-0c2b1dc98b41"
/>
---
 app/views/super_admin/users/show.html.erb     |  8 +++++++
 .../super_admin/users_controller_spec.rb      | 23 ++++++++++++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/app/views/super_admin/users/show.html.erb b/app/views/super_admin/users/show.html.erb
index d8b2c6102..f7ac71480 100644
--- a/app/views/super_admin/users/show.html.erb
+++ b/app/views/super_admin/users/show.html.erb
@@ -53,6 +53,14 @@ as well as a link to its edit page.
         <% end %>
       </fieldset>
     <% end %>
+
+    <dt class="attribute-label" id="mfa_enabled">MFA</dt>
+    <dd class="attribute-data attribute-data--string">
+      <% mfa_enabled = page.resource.mfa_enabled? %>
+      <span class="<%= mfa_enabled ? 'bg-green-100/70 text-green-800' : 'bg-slate-100 text-slate-700' %> inline-flex items-center px-2 h-4 leading-4 rounded-xl text-xxs font-medium">
+        <%= mfa_enabled ? 'Enabled' : 'Disabled' %>
+      </span>
+    </dd>
   </dl>
 </section>
 
diff --git a/spec/controllers/super_admin/users_controller_spec.rb b/spec/controllers/super_admin/users_controller_spec.rb
index 894c9d425..e1461f554 100644
--- a/spec/controllers/super_admin/users_controller_spec.rb
+++ b/spec/controllers/super_admin/users_controller_spec.rb
@@ -12,7 +12,7 @@ RSpec.describe 'Super Admin Users API', type: :request do
     end
 
     context 'when it is an authenticated super admin' do
-      let!(:user) { create(:user) }
+      let!(:user) { create(:user, name: 'Disabled User') }
       let!(:params) do
         { user: {
           name: 'admin@example.com',
@@ -27,9 +27,13 @@ RSpec.describe 'Super Admin Users API', type: :request do
       it 'shows the list of users' do
         sign_in(super_admin, scope: :super_admin)
         get '/super_admin/users'
+        doc = Nokogiri::HTML(response.body)
+        header_texts = doc.css('table thead th').map { |header| header.text.squish }
+
         expect(response).to have_http_status(:success)
         expect(response.body).to include('New user')
         expect(response.body).to include(CGI.escapeHTML(user.name))
+        expect(header_texts).not_to include('MFA')
       end
 
       it 'creates the new super_admin record' do
@@ -100,4 +104,21 @@ RSpec.describe 'Super Admin Users API', type: :request do
       expect(mail_jobs.count).to be >= 1
     end
   end
+
+  describe 'GET /super_admin/users/:id' do
+    let!(:user) { create(:user, name: 'MFA Enabled User', otp_required_for_login: true) }
+
+    it 'shows the MFA status on the user detail page' do
+      sign_in(super_admin, scope: :super_admin)
+
+      get "/super_admin/users/#{user.id}"
+      doc = Nokogiri::HTML(response.body)
+      labels = doc.css('dt.attribute-label').map { |label| label.text.squish }
+
+      expect(response).to have_http_status(:success)
+      expect(labels).to include('MFA')
+      expect(response.body).to include('Enabled')
+      expect(response.body).to include(CGI.escapeHTML(user.name))
+    end
+  end
 end