Bug 28787: Fix misleading tests in two_factor_auth.t

We were having a "Patron is not authenticated yet" comment, but it was not correct,
we set 'number' and 'id' in session, and waiting-for-2FA was not set => the patron is fully authenticated.
The test returned 401 because we fully authenticated user cannot request
an otp token when not waiting for the second auth step.

This situation is already covered (last test of the subtest).

Test plan:
  prove t/db_dependent/api/v1/two_factor_auth.t
must return green

Sponsored-by: Rijksmuseum, Netherlands

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

t/db_dependent/api/v1/two_factor_auth.t

@@ -57,8 +57,6 @@ subtest 'send_otp_token' => sub {
     );
 
     my $session = C4::Auth::get_session('');
-    $session->param( 'number',   $patron->borrowernumber );
-    $session->param( 'id',       $patron->userid );
     $session->param( 'ip',       '127.0.0.1' );
     $session->param( 'lasttime', time() );
     $session->flush;
@@ -70,6 +68,9 @@ subtest 'send_otp_token' => sub {
     # Patron is not authenticated yet
     $t->request_ok($tx)->status_is(401);
 
+    # Patron is partially authenticated (credentials correct)
+    $session->param( 'number',   $patron->borrowernumber );
+    $session->param( 'id',       $patron->userid );
     $session->param('waiting-for-2FA', 1);
     $session->flush;
 
@@ -108,6 +109,7 @@ subtest 'send_otp_token' => sub {
     $t->request_ok($tx)->status_is(403);
     $patron->flags(20)->store;
 
+    # Patron is fully authenticated, cannot request a token again
     $session->param('waiting-for-2FA', 0);
     $session->flush;
     $tx = $t->ua->build_tx( POST => "/api/v1/auth/otp/token_delivery" );