feat: send suspension emails and enhanced audit logs for MFA non-compliance

gatehouse_app/services/email_templates.py

@@ -424,6 +424,70 @@ def build_mfa_suspension_html(
     return get_base_html(content, "Account Access Restricted - MFA Enrollment Required", "Your account has been suspended due to missing MFA")
 
 
+def build_mfa_suspension_admin_html(
+    admin_name: str,
+    org_name: str,
+    suspended_user_name: str,
+    suspended_user_email: str,
+    mfa_methods: str,
+    members_link: str,
+    deadline_date: str = "",
+    days_overdue: int = 0,
+) -> str:
+    """Build MFA suspension notification email for org admins.
+
+    Args:
+        admin_name: Admin's name or email
+        org_name: Organization name
+        suspended_user_name: Suspended user's name
+        suspended_user_email: Suspended user's email
+        mfa_methods: Required MFA methods
+        members_link: Link to manage org members
+        deadline_date: The deadline that was missed
+        days_overdue: Days past the deadline
+
+    Returns:
+        HTML email string
+    """
+    content = f'''
+    <h2 style="margin: 0 0 20px 0; color: {DANGER_COLOR}; font-size: 20px; font-weight: 600;">User Suspended - MFA Non-Compliance</h2>
+    <p style="margin: 0 0 20px 0; color: {TEXT_COLOR}; font-size: 15px; line-height: 1.6;">
+        Dear <strong>{admin_name}</strong>,
+    </p>
+    <p style="margin: 0 0 20px 0; color: {TEXT_COLOR}; font-size: 15px; line-height: 1.6;">
+        A user in your organization <strong>{org_name}</strong> has been suspended due to MFA non-compliance.
+    </p>
+    {get_alert_box(f"A user account has been automatically suspended for failing to meet MFA requirements.", "warning", "⚙️")}
+    <table role="presentation" width="100%" cellspacing="0" cellpadding="0" style="margin: 20px 0; background-color: {BACKGROUND_COLOR}; border-radius: 8px;">
+        <tr>
+            <td style="padding: 20px;">
+                <h3 style="margin: 0 0 12px 0; color: {TEXT_COLOR}; font-size: 14px; font-weight: 600;">Suspended User Details:</h3>
+                <table role="presentation" width="100%" cellspacing="0" cellpadding="0">
+                    {get_detail_row("Name", suspended_user_name)}
+                    {get_detail_row("Email", suspended_user_email)}
+                    {get_detail_row("Organization", org_name)}
+                    {get_detail_row("Required MFA", mfa_methods)}
+                    {get_detail_row("Deadline", deadline_date) if deadline_date else ""}
+                    {get_detail_row("Days Overdue", str(days_overdue)) if days_overdue else ""}
+                </table>
+                <h3 style="margin: 16px 0 12px 0; color: {TEXT_COLOR}; font-size: 14px; font-weight: 600;">What Happened:</h3>
+                <p style="margin: 0; color: {TEXT_COLOR}; font-size: 14px; line-height: 1.6;">
+                    This user did not configure the required multi-factor authentication method(s) within the
+                    allowed grace period. Their account has been automatically suspended and they will only
+                    be able to access a compliance enrollment screen until MFA is configured.
+                </p>
+            </td>
+        </tr>
+    </table>
+    {get_action_button(members_link, "Manage Organization Members", PRIMARY_COLOR)}
+    <p style="margin: 20px 0; color: {MUTED_COLOR}; font-size: 13px;">
+        You are receiving this notification because you are an administrator of <strong>{org_name}</strong>.
+        No action is required from you unless the user needs assistance setting up MFA.
+    </p>
+    '''
+    return get_base_html(content, f"User Suspended - MFA Non-Compliance in {org_name}", f"A user in {org_name} has been suspended for missing MFA deadline")
+
+
 def build_org_invite_html(
     inviter_name: str,
     org_name: str,