The test case wherein 2FA is required after logging in fails
intermittently with `mr_attention_requests` feature flag on.

This is because at the time of this writing, a graphql request
redirects to 2FA page (this is not shown to the user) resulting to
a new secret generated which is different from what shown to the
user.

This refactors the scenario to get the OTP based on the secret
shown on the page instead. This way, we replicate a real life
usage of the feature instead.