feat(auth): [PM-13659] implement 2FA timeout handling across clients

Add timeout state management for two-factor authentication flows in web, desktop,
and browser extension clients. Includes:

- New timeout screen component with 5-minute session limit
- Updated UI elements and styling
- Comprehensive test coverage

Refs: PM-13659

apps/browser/src/_locales/en/messages.json

@@ -1319,6 +1319,12 @@
   "enterVerificationCodeApp": {
     "message": "Enter the 6 digit verification code from your authenticator app."
   },
+  "authenticationTimeout": {
+    "message": "Authentication timeout"
+  },
+  "authenticationSessionTimedOut": {
+    "message": "The authentication session timed out. Please restart the login process."
+  },
   "enterVerificationCodeEmail": {
     "message": "Enter the 6 digit verification code that was emailed to $EMAIL$.",
     "placeholders": {

apps/browser/src/popup/app-routing.module.ts

@@ -6,6 +6,7 @@ import {
   EnvironmentSelectorRouteData,
   ExtensionDefaultOverlayPosition,
 } from "@bitwarden/angular/auth/components/environment-selector.component";
+import { TwoFactorTimeoutComponent } from "@bitwarden/angular/auth/components/two-factor-auth/two-factor-auth-expired.component";
 import { unauthUiRefreshRedirect } from "@bitwarden/angular/auth/functions/unauth-ui-refresh-redirect";
 import { unauthUiRefreshSwap } from "@bitwarden/angular/auth/functions/unauth-ui-refresh-route-swap";
 import {
@@ -38,6 +39,7 @@ import {
   VaultIcon,
   LoginDecryptionOptionsComponent,
   DevicesIcon,
+  TwoFactorTimeoutIcon,
 } from "@bitwarden/auth/angular";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 
@@ -199,6 +201,29 @@ const routes: Routes = [
       ],
     },
   ),
+  {
+    path: "",
+    component: ExtensionAnonLayoutWrapperComponent,
+    children: [
+      {
+        path: "2fa-timeout",
+        canActivate: [unauthGuardFn(unauthRouteOverrides)],
+        children: [
+          {
+            path: "",
+            component: TwoFactorTimeoutComponent,
+          },
+        ],
+        data: {
+          pageTitle: {
+            key: "authenticationTimeout",
+          },
+          pageIcon: TwoFactorTimeoutIcon,
+          elevation: 1,
+        } satisfies RouteDataProperties & AnonLayoutWrapperData,
+      },
+    ],
+  },
   {
     path: "2fa-options",
     component: TwoFactorOptionsComponent,

apps/desktop/src/app/app-routing.module.ts

@@ -5,6 +5,7 @@ import {
   DesktopDefaultOverlayPosition,
   EnvironmentSelectorComponent,
 } from "@bitwarden/angular/auth/components/environment-selector.component";
+import { TwoFactorTimeoutComponent } from "@bitwarden/angular/auth/components/two-factor-auth/two-factor-auth-expired.component";
 import { unauthUiRefreshSwap } from "@bitwarden/angular/auth/functions/unauth-ui-refresh-route-swap";
 import {
   authGuard,
@@ -35,6 +36,7 @@ import {
   VaultIcon,
   LoginDecryptionOptionsComponent,
   DevicesIcon,
+  TwoFactorTimeoutIcon,
 } from "@bitwarden/auth/angular";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 
@@ -96,6 +98,22 @@ const routes: Routes = [
       ],
     },
   ),
+  {
+    path: "2fa-timeout",
+    component: AnonLayoutWrapperComponent,
+    children: [
+      {
+        path: "",
+        component: TwoFactorTimeoutComponent,
+      },
+    ],
+    data: {
+      pageIcon: TwoFactorTimeoutIcon,
+      pageTitle: {
+        key: "authenticationTimeout",
+      },
+    } satisfies RouteDataProperties & AnonLayoutWrapperData,
+  },
   { path: "register", component: RegisterComponent },
   {
     path: "vault",

apps/desktop/src/locales/en/messages.json

@@ -919,6 +919,12 @@
   "baseUrl": {
     "message": "Server URL"
   },
+  "authenticationTimeout": {
+    "message": "Authentication timeout"
+  },
+  "authenticationSessionTimedOut": {
+    "message": "The authentication session timed out. Please restart the login process."
+  },
   "selfHostBaseUrl": {
     "message": "Self-host server URL",
     "description": "Label for field requesting a self-hosted integration service URL"

apps/web/src/app/oss-routing.module.ts

@@ -1,6 +1,7 @@
 import { NgModule } from "@angular/core";
 import { Route, RouterModule, Routes } from "@angular/router";
 
+import { TwoFactorTimeoutComponent } from "@bitwarden/angular/auth/components/two-factor-auth/two-factor-auth-expired.component";
 import { unauthUiRefreshSwap } from "@bitwarden/angular/auth/functions/unauth-ui-refresh-route-swap";
 import {
   authGuard,
@@ -26,6 +27,7 @@ import {
   LoginSecondaryContentComponent,
   LockV2Component,
   LockIcon,
+  TwoFactorTimeoutIcon,
   UserLockIcon,
   LoginViaAuthRequestComponent,
   DevicesIcon,
@@ -507,7 +509,6 @@ const routes: Routes = [
           } satisfies AnonLayoutWrapperData,
         },
       ),
-
       {
         path: "2fa",
         canActivate: [unauthGuardFn()],
@@ -527,6 +528,28 @@ const routes: Routes = [
           },
         } satisfies RouteDataProperties & AnonLayoutWrapperData,
       },
+      {
+        path: "2fa-timeout",
+        canActivate: [unauthGuardFn()],
+        children: [
+          {
+            path: "",
+            component: TwoFactorTimeoutComponent,
+          },
+          {
+            path: "",
+            component: EnvironmentSelectorComponent,
+            outlet: "environment-selector",
+          },
+        ],
+        data: {
+          pageIcon: TwoFactorTimeoutIcon,
+          pageTitle: {
+            key: "authenticationTimeout",
+          },
+          titleId: "authenticationTimeout",
+        } satisfies RouteDataProperties & AnonLayoutWrapperData,
+      },
       {
         path: "recover-2fa",
         canActivate: [unauthGuardFn()],

apps/web/src/locales/en/messages.json

@@ -1137,6 +1137,12 @@
   "logInToBitwarden": {
     "message": "Log in to Bitwarden"
   },
+  "authenticationTimeout": {
+    "message": "Authentication timeout"
+  },
+  "authenticationSessionTimedOut": {
+    "message": "The authentication session timed out. Please restart the login process."
+  },
   "verifyIdentity": {
     "message": "Verify your Identity"
   },