fix: add mfa e2e test scenarios and resolve found issues

package.json

@@ -7,16 +7,18 @@
   "scripts": {
     "format": "prettier --write ${npm_package_config_prettierTarget}",
     "format:check": "prettier --check ${npm_package_config_prettierTarget}",
-    "test": "cypress run",
-    "test:watch": "cypress open",
+    "test": "cypress run --browser chrome",
+    "test:watch": "cypress open --browser chrome",
     "openapi-generator-cli": "openapi-generator-cli",
     "wait-on": "wait-on",
     "text-run": "exit 0"
   },
   "devDependencies": {
+    "chrome-remote-interface": "^0.31.0",
     "cypress": "^8.3.0",
     "dayjs": "^1.10.4",
     "ory-prettier-styles": "1.1.1",
+    "otplib": "^12.0.1",
     "prettier": "2.2.1",
     "wait-on": "5.3.0"
   },

selfservice/flow/login/sort.go

@@ -8,6 +8,9 @@ func sortNodes(n node.Nodes) error {
 			node.DefaultGroup,
 			node.OpenIDConnectGroup,
 			node.PasswordGroup,
+			node.WebAuthnGroup,
+			node.TOTPGroup,
+			node.LookupGroup,
 		}),
 		node.SortUseOrder([]string{
 			"password_identifier",

selfservice/strategy/lookup/fixtures/login/with.json

@@ -1,4 +1,17 @@
 [
+  {
+    "attributes": {
+      "disabled": false,
+      "name": "csrf_token",
+      "required": true,
+      "type": "hidden",
+      "value": "YXA2OGtnOXZ3a3F3M3M3MGVtYXBraHJjeHEyMzB5aTU="
+    },
+    "group": "default",
+    "messages": [],
+    "meta": {},
+    "type": "input"
+  },
   {
     "attributes": {
       "disabled": false,
@@ -31,24 +44,11 @@
     "meta": {
       "label": {
         "context": {},
-        "id": 1010001,
-        "text": "Sign in",
+        "id": 1010010,
+        "text": "Use backup recovery code",
         "type": "info"
       }
     },
     "type": "input"
-  },
-  {
-    "attributes": {
-      "disabled": false,
-      "name": "csrf_token",
-      "required": true,
-      "type": "hidden",
-      "value": "anhicmI2dWFhMWlwbHlydWNhZnF4cW13dXhmOW1ucDc="
-    },
-    "group": "default",
-    "messages": [],
-    "meta": {},
-    "type": "input"
   }
 ]

selfservice/strategy/lookup/login.go

@@ -50,7 +50,7 @@ func (s *Strategy) PopulateLoginMethod(r *http.Request, requestedAAL identity.Au
 
 	sr.UI.SetCSRF(s.d.GenerateCSRFToken(r))
 	sr.UI.SetNode(node.NewInputField(node.LookupCodeEnter, "", node.LookupGroup, node.InputAttributeTypeText, node.WithRequiredInputAttribute).WithMetaLabel(text.NewInfoLoginLookupLabel()))
-	sr.UI.GetNodes().Append(node.NewInputField("method", s.ID(), node.LookupGroup, node.InputAttributeTypeSubmit).WithMetaLabel(text.NewInfoLogin()))
+	sr.UI.GetNodes().Append(node.NewInputField("method", s.ID(), node.LookupGroup, node.InputAttributeTypeSubmit).WithMetaLabel(text.NewInfoLoginLookup()))
 
 	return nil
 }

selfservice/strategy/lookup/login_test.go

@@ -57,7 +57,7 @@ func TestCompleteLogin(t *testing.T) {
 
 		apiClient := testhelpers.NewHTTPClientWithIdentitySessionToken(t, reg, id)
 		f := testhelpers.InitializeLoginFlowViaAPI(t, apiClient, publicTS, false, testhelpers.InitFlowWithAAL(identity.AuthenticatorAssuranceLevel2))
-		assertx.EqualAsJSONExcept(t, json.RawMessage(loginFixtureWithLookup), f.Ui.Nodes, []string{"2.attributes.value"})
+		assertx.EqualAsJSONExcept(t, json.RawMessage(loginFixtureWithLookup), f.Ui.Nodes, []string{"0.attributes.value"})
 	})
 
 	t.Run("case=lookup payload is not set when identity has no lookup", func(t *testing.T) {

selfservice/strategy/password/login_test.go

@@ -653,7 +653,7 @@ func TestCompleteLogin(t *testing.T) {
 
 		require.Contains(t, res.Request.URL.Path, "return-ts", "%s", res.Request.URL.String())
 		assert.Equal(t, identifier, gjson.Get(body2, "identity.traits.subject").String(), "%s", body2)
-		assert.NotEqual(t, gjson.Get(body1, "id").String(), gjson.Get(body2, "id").String(), "%s\n\n%s\n", body1, body2)
+		assert.Equal(t, gjson.Get(body1, "id").String(), gjson.Get(body2, "id").String(), "%s\n\n%s\n", body1, body2)
 	})
 
 	t.Run("should login same identity regardless of identifier capitalization", func(t *testing.T) {