From 8b1f8712a843f7ad83f12b2959c5885472001c92 Mon Sep 17 00:00:00 2001
From: "Donald F. Coffin" <dcoffin@greenbuttonalliance.org>
Date: Sun, 7 Jun 2026 17:10:07 -0400
Subject: [PATCH 1/5] fix(#175): add Home link to custodian + customer portal
 navbars

The customer self-service page was a dead end (navbar linked only to itself and
Logout). Add a persistent "Home" item (-> /) to both portal navbar fragments so
every authenticated page has a consistent way back to the site landing.

Verified: custodian and customer pages each render one Home link; Home resolves
(200) from a customer session.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 .../src/main/resources/templates/fragments/layout.html   | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/openespi-datacustodian/src/main/resources/templates/fragments/layout.html b/openespi-datacustodian/src/main/resources/templates/fragments/layout.html
index 2552fad5..5a349acf 100644
--- a/openespi-datacustodian/src/main/resources/templates/fragments/layout.html
+++ b/openespi-datacustodian/src/main/resources/templates/fragments/layout.html
@@ -76,7 +76,11 @@
             <div class="collapse navbar-collapse" id="customerNav">
                 <ul class="navbar-nav me-auto">
                     <!-- Only the self-service authorizations page is migrated; Usage Points /
-                         Third Parties pages are not yet available, so no dead links are shown. -->
+                         Third Parties pages are not yet available, so no dead links are shown.
+                         A Home link is always present so no page is a dead end (#175). -->
+                    <li class="nav-item">
+                        <a class="nav-link" th:href="@{/}">Home</a>
+                    </li>
                     <li class="nav-item">
                         <a class="nav-link" th:href="@{/customer/authorizations}">My Authorizations</a>
                     </li>
@@ -109,6 +113,9 @@
 
             <div class="collapse navbar-collapse" id="custodianNav">
                 <ul class="navbar-nav me-auto">
+                    <li class="nav-item">
+                        <a class="nav-link" th:href="@{/}">Home</a>
+                    </li>
                     <li class="nav-item">
                         <a class="nav-link" th:href="@{/custodian/home}">Dashboard</a>
                     </li>

From 697be634a2a1aa02964544a108a4e5580378684c Mon Sep 17 00:00:00 2001
From: "Donald F. Coffin" <dcoffin@greenbuttonalliance.org>
Date: Sun, 7 Jun 2026 17:32:03 -0400
Subject: [PATCH 2/5] =?UTF-8?q?fix(#175):=20portal=20nav=20polish=20?=
 =?UTF-8?q?=E2=80=94=20user=20dropdown,=20customer=20link,=20About=20page,?=
 =?UTF-8?q?=20footer=20cleanup?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Follow-on navbar/footer consistency fixes from browser testing:

- User menu: replace the awkward "Custodian: name" / "Welcome, name" text + loose
  Logout button with a proper user dropdown (username ▾ → Logout) in both the
  custodian and customer navbars, matching the main header.
- Logged-in customers can reach their authorizations from anywhere: the shared
  header now shows a "My Authorizations" link for ROLE_USER (e.g. on the home page).
- Footer dead links: add a real public About page (/about — implementation/version
  info; replaces legacy about.jsp) and remove the Terms of Service / Usage Policy
  links rather than ship stale EnergyOS-era boilerplate or fabricated legal text.
- Home "Learn more about Green Button" now links to greenbuttonalliance.org.
- /about added to the session chain (public).

Verified: /about 200 (public); custodian/customer user dropdowns + logout; customer
home shows My Authorizations; learn-more → GBA. datacustodian suite 160/0.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 .../CustomerLoginSecurityConfiguration.java   |  4 +-
 .../datacustodian/web/AboutController.java    | 49 +++++++++++++++++
 .../src/main/resources/templates/about.html   | 34 ++++++++++++
 .../resources/templates/fragments/layout.html | 53 ++++++++++++-------
 .../src/main/resources/templates/home.html    |  2 +-
 5 files changed, 121 insertions(+), 21 deletions(-)
 create mode 100644 openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/web/AboutController.java
 create mode 100644 openespi-datacustodian/src/main/resources/templates/about.html

diff --git a/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/config/CustomerLoginSecurityConfiguration.java b/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/config/CustomerLoginSecurityConfiguration.java
index 5c622527..43ec7ef1 100644
--- a/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/config/CustomerLoginSecurityConfiguration.java
+++ b/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/config/CustomerLoginSecurityConfiguration.java
@@ -96,6 +96,7 @@ public SecurityFilterChain customerLoginSecurityFilterChain(
 		RequestMatcher matcher = new OrRequestMatcher(
 				pp.matcher("/"),
 				pp.matcher("/home"),
+				pp.matcher("/about"),
 				pp.matcher("/login"),
 				pp.matcher("/logout"),
 				pp.matcher("/custodian/**"),
@@ -111,7 +112,8 @@ public SecurityFilterChain customerLoginSecurityFilterChain(
 				// session-stored token. Right shape for vanilla form login.
 				.csrf(Customizer.withDefaults())
 				.authorizeHttpRequests(authz -> authz
-						.requestMatchers(pp.matcher("/"), pp.matcher("/home"), pp.matcher("/login")).permitAll()
+						.requestMatchers(pp.matcher("/"), pp.matcher("/home"), pp.matcher("/about"),
+								pp.matcher("/login")).permitAll()
 						.anyRequest().authenticated())
 				.formLogin(form -> form
 						.loginPage("/login")
diff --git a/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/web/AboutController.java b/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/web/AboutController.java
new file mode 100644
index 00000000..ce6a34c2
--- /dev/null
+++ b/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/web/AboutController.java
@@ -0,0 +1,49 @@
+/*
+ *
+ *        Copyright (c) 2025 Green Button Alliance, Inc.
+ *
+ *
+ *     Licensed under the Apache License, Version 2.0 (the "License");
+ *     you may not use this file except in compliance with the License.
+ *     You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *     Unless required by applicable law or agreed to in writing, software
+ *     distributed under the License is distributed on an "AS IS" BASIS,
+ *     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *     See the License for the specific language governing permissions and
+ *     limitations under the License.
+ *
+ */
+
+package org.greenbuttonalliance.espi.datacustodian.web;
+
+import org.springframework.boot.SpringBootVersion;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ * Public "About" page (#175). Replaces the legacy about.jsp build-info table with a small,
+ * non-sensitive summary of the running implementation. Public (footer-linked from every page,
+ * including the anonymous login page).
+ */
+@Controller
+public class AboutController {
+
+	@GetMapping("/about")
+	public String about(Model model) {
+		Map<String, String> info = new LinkedHashMap<>();
+		String version = AboutController.class.getPackage().getImplementationVersion();
+		info.put("Implementation", "OpenESPI Green Button Data Custodian");
+		info.put("Version", version != null ? version : "(development build)");
+		info.put("Java version", System.getProperty("java.version", "—"));
+		info.put("Spring Boot version", SpringBootVersion.getVersion());
+		model.addAttribute("info", info);
+		return "about";
+	}
+}
diff --git a/openespi-datacustodian/src/main/resources/templates/about.html b/openespi-datacustodian/src/main/resources/templates/about.html
new file mode 100644
index 00000000..7f95c011
--- /dev/null
+++ b/openespi-datacustodian/src/main/resources/templates/about.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html lang="en" xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
+<head th:replace="~{fragments/layout :: head}">
+    <title>About - Green Button Data Custodian</title>
+</head>
+
+<body>
+    <nav th:replace="~{fragments/layout :: header}"></nav>
+
+    <div class="container">
+        <h2 class="mt-4">About</h2>
+        <p class="text-muted">
+            A reference implementation of the NAESB ESPI (Green Button) Data Custodian, maintained by the
+            <a href="https://www.greenbuttonalliance.org">Green Button Alliance</a>.
+        </p>
+
+        <div class="card mt-3">
+            <div class="table-responsive">
+                <table class="table table-striped mb-0">
+                    <tbody>
+                        <tr th:each="entry : ${info}">
+                            <th class="w-25" th:text="${entry.key}">Key</th>
+                            <td th:text="${entry.value}">value</td>
+                        </tr>
+                    </tbody>
+                </table>
+            </div>
+        </div>
+
+        <hr class="my-5">
+        <footer th:replace="~{fragments/layout :: footer}"></footer>
+    </div>
+</body>
+</html>
diff --git a/openespi-datacustodian/src/main/resources/templates/fragments/layout.html b/openespi-datacustodian/src/main/resources/templates/fragments/layout.html
index 5a349acf..32915720 100644
--- a/openespi-datacustodian/src/main/resources/templates/fragments/layout.html
+++ b/openespi-datacustodian/src/main/resources/templates/fragments/layout.html
@@ -36,8 +36,11 @@
                     <li class="nav-item">
                         <a class="nav-link" th:href="@{/}">Home</a>
                     </li>
-                    <!-- The customer self-service portal (/customer/**) is not yet migrated, so no
-                         "My Usage Points" link is shown to ROLE_USER — it would be a dead link. -->
+                    <!-- Customer self-service: only the authorizations page is migrated, so that is
+                         the single ROLE_USER link (no dead "My Usage Points"). -->
+                    <li class="nav-item" sec:authorize="hasRole('ROLE_USER')">
+                        <a class="nav-link" th:href="@{/customer/authorizations}">My Authorizations</a>
+                    </li>
                     <li class="nav-item" sec:authorize="hasRole('ROLE_CUSTODIAN')">
                         <a class="nav-link" th:href="@{/custodian/home}">Custodian Portal</a>
                     </li>
@@ -87,13 +90,20 @@
                 </ul>
 
                 <ul class="navbar-nav">
-                    <li class="nav-item">
-                        <span class="navbar-text">Welcome, <span sec:authentication="name">Customer</span></span>
-                    </li>
-                    <li class="nav-item">
-                        <form th:action="@{/logout}" method="post" class="d-inline">
-                            <button type="submit" class="nav-link btn btn-link border-0 bg-transparent">Logout</button>
-                        </form>
+                    <li class="nav-item dropdown">
+                        <a class="nav-link dropdown-toggle" href="#" id="customerUserDropdown" role="button"
+                           data-bs-toggle="dropdown" aria-expanded="false">
+                            <i class="bi bi-person-circle"></i> <span sec:authentication="name">Customer</span>
+                        </a>
+                        <ul class="dropdown-menu dropdown-menu-end" aria-labelledby="customerUserDropdown">
+                            <li><span class="dropdown-item-text text-muted small">Signed in</span></li>
+                            <li><hr class="dropdown-divider"></li>
+                            <li>
+                                <form th:action="@{/logout}" method="post" class="m-0">
+                                    <button type="submit" class="dropdown-item">Logout</button>
+                                </form>
+                            </li>
+                        </ul>
                     </li>
                 </ul>
             </div>
@@ -134,13 +144,20 @@
                 </ul>
 
                 <ul class="navbar-nav">
-                    <li class="nav-item">
-                        <span class="navbar-text">Custodian: <span sec:authentication="name">Admin</span></span>
-                    </li>
-                    <li class="nav-item">
-                        <form th:action="@{/logout}" method="post" class="d-inline">
-                            <button type="submit" class="nav-link btn btn-link border-0 bg-transparent">Logout</button>
-                        </form>
+                    <li class="nav-item dropdown">
+                        <a class="nav-link dropdown-toggle" href="#" id="custodianUserDropdown" role="button"
+                           data-bs-toggle="dropdown" aria-expanded="false">
+                            <i class="bi bi-person-circle"></i> <span sec:authentication="name">Admin</span>
+                        </a>
+                        <ul class="dropdown-menu dropdown-menu-end" aria-labelledby="custodianUserDropdown">
+                            <li><span class="dropdown-item-text text-muted small">Signed in as custodian</span></li>
+                            <li><hr class="dropdown-divider"></li>
+                            <li>
+                                <form th:action="@{/logout}" method="post" class="m-0">
+                                    <button type="submit" class="dropdown-item">Logout</button>
+                                </form>
+                            </li>
+                        </ul>
                     </li>
                 </ul>
             </div>
@@ -159,9 +176,7 @@
                 </div>
                 <div class="col-md-6 text-end">
                     <p class="text-muted mb-0">
-                        <a th:href="@{/about}">About</a> |
-                        <a th:href="@{/TermsOfService}">Terms of Service</a> |
-                        <a th:href="@{/UsagePolicy}">Usage Policy</a>
+                        <a th:href="@{/about}">About</a>
                     </p>
                 </div>
             </div>
diff --git a/openespi-datacustodian/src/main/resources/templates/home.html b/openespi-datacustodian/src/main/resources/templates/home.html
index c2f5f9a6..6f055e09 100644
--- a/openespi-datacustodian/src/main/resources/templates/home.html
+++ b/openespi-datacustodian/src/main/resources/templates/home.html
@@ -17,7 +17,7 @@ <h2>Welcome to the <a href="https://www.greenbuttonalliance.org" class="text-whi
                 <a href="https://github.com/GreenButtonAlliance" class="text-white">Open Source project</a>, is freely available for download by any interested parties.
             </p>
             <div class="d-flex flex-wrap gap-3 mt-4">
-                <a href="https://www.greenbuttondata.org" class="btn btn-light btn-lg">Learn more about Green Button &raquo;</a>
+                <a href="https://www.greenbuttonalliance.org/" class="btn btn-light btn-lg">Learn more about Green Button &raquo;</a>
                 <a href="https://github.com/GreenButtonAlliance" class="btn btn-outline-light btn-lg">View Open Source Projects &raquo;</a>
             </div>
         </div>

From 041adfc4481a91dd1530fff05b429de5e3b5784e Mon Sep 17 00:00:00 2001
From: "Donald F. Coffin" <dcoffin@greenbuttonalliance.org>
Date: Sun, 7 Jun 2026 19:21:32 -0400
Subject: [PATCH 3/5] fix(#175): fix logout dropdown (Bootstrap JS) + allow
 creating admins
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Logout dropdown was dead on the new portal pages: Bootstrap's JS was only
  loaded ad-hoc at the bottom of some templates, not on the pages that include
  just the head/footer fragments. Load the Bootstrap bundle once (deferred) in
  the head fragment so every page has working dropdown/collapse, and remove the
  now-duplicate bottom <script> from home/custodian-home (double-loading
  re-binds the data-API and breaks the toggle).
- User-account form now has an "Account type" selector (Customer / Administrator
  (Custodian)), so admins can be created — not just customers. update() persists
  the role; create() binds it. Verified: a new ROLE_CUSTODIAN account logs in and
  lands on /custodian/home. Relabeled the screen to "User Account" / "Add user".

datacustodian suite: 160 tests, 0 failures.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 .../web/custodian/RetailCustomerController.java          | 3 +++
 .../src/main/resources/templates/custodian/home.html     | 2 --
 .../templates/custodian/retailcustomers/form.html        | 9 ++++++++-
 .../templates/custodian/retailcustomers/index.html       | 2 +-
 .../src/main/resources/templates/fragments/layout.html   | 5 +++++
 .../src/main/resources/templates/home.html               | 2 --
 6 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/web/custodian/RetailCustomerController.java b/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/web/custodian/RetailCustomerController.java
index f3061d0b..a8b956bb 100644
--- a/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/web/custodian/RetailCustomerController.java
+++ b/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/web/custodian/RetailCustomerController.java
@@ -138,6 +138,9 @@ public String update(@PathVariable Long retailCustomerId,
 		existing.setUsername(form.getUsername());
 		existing.setFirstName(form.getFirstName());
 		existing.setLastName(form.getLastName());
+		if (form.getRole() != null && !form.getRole().isBlank()) {
+			existing.setRole(form.getRole());
+		}
 		if (form.getPassword() != null && !form.getPassword().isBlank()) {
 			existing.setPassword(customerPasswordEncoder.encode(form.getPassword()));
 		}
diff --git a/openespi-datacustodian/src/main/resources/templates/custodian/home.html b/openespi-datacustodian/src/main/resources/templates/custodian/home.html
index ad925256..4b5703f0 100644
--- a/openespi-datacustodian/src/main/resources/templates/custodian/home.html
+++ b/openespi-datacustodian/src/main/resources/templates/custodian/home.html
@@ -131,7 +131,5 @@ <h4 th:text="${todayRequests ?: '0'}">0</h4>
         <footer th:replace="~{fragments/layout :: footer}"></footer>
     </div>
 
-    <!-- Bootstrap JS -->
-    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/openespi-datacustodian/src/main/resources/templates/custodian/retailcustomers/form.html b/openespi-datacustodian/src/main/resources/templates/custodian/retailcustomers/form.html
index 844293aa..7986d05d 100644
--- a/openespi-datacustodian/src/main/resources/templates/custodian/retailcustomers/form.html
+++ b/openespi-datacustodian/src/main/resources/templates/custodian/retailcustomers/form.html
@@ -8,7 +8,7 @@
     <nav th:replace="~{fragments/layout :: custodianHeader}"></nav>
 
     <div class="container">
-        <h2 class="mt-4" th:text="${editMode} ? 'Edit Retail Customer' : 'New Retail Customer'">Retail Customer</h2>
+        <h2 class="mt-4" th:text="${editMode} ? 'Edit User Account' : 'New User Account'">User Account</h2>
 
         <div class="card mt-4">
             <div class="card-body">
@@ -34,6 +34,13 @@ <h2 class="mt-4" th:text="${editMode} ? 'Edit Retail Customer' : 'New Retail Cus
                         <div class="invalid-feedback" th:if="${#fields.hasErrors('lastName')}"
                              th:errors="*{lastName}">Last name error</div>
                     </div>
+                    <div class="mb-3">
+                        <label for="role" class="form-label">Account type</label>
+                        <select id="role" class="form-select" th:field="*{role}">
+                            <option value="ROLE_USER">Customer</option>
+                            <option value="ROLE_CUSTODIAN">Administrator (Custodian)</option>
+                        </select>
+                    </div>
                     <div class="mb-3">
                         <label for="password" class="form-label">Password</label>
                         <input type="password" id="password" class="form-control"
diff --git a/openespi-datacustodian/src/main/resources/templates/custodian/retailcustomers/index.html b/openespi-datacustodian/src/main/resources/templates/custodian/retailcustomers/index.html
index 14847142..9dd6ae3c 100644
--- a/openespi-datacustodian/src/main/resources/templates/custodian/retailcustomers/index.html
+++ b/openespi-datacustodian/src/main/resources/templates/custodian/retailcustomers/index.html
@@ -11,7 +11,7 @@
         <div class="d-flex justify-content-between align-items-center mt-4">
             <h2 class="mb-0">Retail Customers</h2>
             <a th:href="@{/custodian/retailcustomers/form}" class="btn btn-primary">
-                <i class="bi bi-plus-lg"></i> Add new customer
+                <i class="bi bi-plus-lg"></i> Add user
             </a>
         </div>
 
diff --git a/openespi-datacustodian/src/main/resources/templates/fragments/layout.html b/openespi-datacustodian/src/main/resources/templates/fragments/layout.html
index 32915720..05a9510e 100644
--- a/openespi-datacustodian/src/main/resources/templates/fragments/layout.html
+++ b/openespi-datacustodian/src/main/resources/templates/fragments/layout.html
@@ -17,6 +17,11 @@
     <!-- Favicon -->
     <link rel="icon" type="image/png" th:href="@{/images/favicon.png}">
 
+    <!-- Bootstrap bundle (incl. Popper). Loaded once here, deferred so it executes after the DOM is
+         parsed — every page that includes this head fragment gets working navbar dropdowns/collapse
+         without each template loading its own copy (double-loading breaks the dropdown toggle). -->
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js" defer></script>
+
     <!-- Additional CSS block for page-specific styles -->
     <th:block th:fragment="additionalCss"></th:block>
 </head>
diff --git a/openespi-datacustodian/src/main/resources/templates/home.html b/openespi-datacustodian/src/main/resources/templates/home.html
index 6f055e09..0f2cb6d6 100644
--- a/openespi-datacustodian/src/main/resources/templates/home.html
+++ b/openespi-datacustodian/src/main/resources/templates/home.html
@@ -76,7 +76,5 @@ <h3 class="card-title">API Reference</h3>
         <footer th:replace="~{fragments/layout :: footer}"></footer>
     </div>
 
-    <!-- Bootstrap JS -->
-    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
 </body>
 </html>
\ No newline at end of file

From aa1cc501d16aad7e404da5912e478996e03d1251 Mon Sep 17 00:00:00 2001
From: "Donald F. Coffin" <dcoffin@greenbuttonalliance.org>
Date: Sun, 7 Jun 2026 21:45:43 -0400
Subject: [PATCH 4/5] fix(#175): error-page links + Enabled account toggle

- Error pages (404 error.html, 400, 403): "Go Home"/"Login" used host-absolute
  hrefs that bypassed the /DataCustodian context path (dead links) -> context-
  relative th:href. Removed their duplicate bottom Bootstrap <script>/icons (now
  provided once by the head fragment; double-loading broke the navbar dropdown).
  Browser-rendered HTML error page link targets all verified 200 (API clients
  still get a JSON error via content negotiation, as before).
- Accounts were always "Enabled = Yes" with no way to change it. Added an Enabled
  switch to the user-account form; update() persists it. A disabled account now
  shows "No" in the list and cannot sign in.

datacustodian suite: 160 tests, 0 failures.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 .../web/custodian/RetailCustomerController.java        |  3 +++
 .../templates/custodian/retailcustomers/form.html      |  5 +++++
 .../src/main/resources/templates/error.html            |  8 +-------
 .../src/main/resources/templates/error/400.html        |  8 +-------
 .../src/main/resources/templates/error/403.html        | 10 ++--------
 5 files changed, 12 insertions(+), 22 deletions(-)

diff --git a/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/web/custodian/RetailCustomerController.java b/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/web/custodian/RetailCustomerController.java
index a8b956bb..022eb053 100644
--- a/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/web/custodian/RetailCustomerController.java
+++ b/openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/web/custodian/RetailCustomerController.java
@@ -141,6 +141,9 @@ public String update(@PathVariable Long retailCustomerId,
 		if (form.getRole() != null && !form.getRole().isBlank()) {
 			existing.setRole(form.getRole());
 		}
+		// Checkbox bound via th:field renders a hidden field, so a non-null value always arrives;
+		// default to enabled if somehow absent.
+		existing.setEnabled(form.getEnabled() != null ? form.getEnabled() : Boolean.TRUE);
 		if (form.getPassword() != null && !form.getPassword().isBlank()) {
 			existing.setPassword(customerPasswordEncoder.encode(form.getPassword()));
 		}
diff --git a/openespi-datacustodian/src/main/resources/templates/custodian/retailcustomers/form.html b/openespi-datacustodian/src/main/resources/templates/custodian/retailcustomers/form.html
index 7986d05d..8171c654 100644
--- a/openespi-datacustodian/src/main/resources/templates/custodian/retailcustomers/form.html
+++ b/openespi-datacustodian/src/main/resources/templates/custodian/retailcustomers/form.html
@@ -41,6 +41,11 @@ <h2 class="mt-4" th:text="${editMode} ? 'Edit User Account' : 'New User Account'
                             <option value="ROLE_CUSTODIAN">Administrator (Custodian)</option>
                         </select>
                     </div>
+                    <div class="form-check form-switch mb-3">
+                        <input type="checkbox" id="enabled" class="form-check-input" role="switch"
+                               th:field="*{enabled}"/>
+                        <label for="enabled" class="form-check-label">Enabled (account may sign in)</label>
+                    </div>
                     <div class="mb-3">
                         <label for="password" class="form-label">Password</label>
                         <input type="password" id="password" class="form-control"
diff --git a/openespi-datacustodian/src/main/resources/templates/error.html b/openespi-datacustodian/src/main/resources/templates/error.html
index c588b394..c036dacd 100644
--- a/openespi-datacustodian/src/main/resources/templates/error.html
+++ b/openespi-datacustodian/src/main/resources/templates/error.html
@@ -34,7 +34,7 @@ <h6>Error Details:</h6>
                 </div>
                 
                 <div class="d-flex justify-content-center gap-3 mt-4">
-                    <a href="/" class="btn btn-primary">Go Home</a>
+                    <a th:href="@{/}" class="btn btn-primary">Go Home</a>
                     <button onclick="history.back()" class="btn btn-outline-secondary">Go Back</button>
                     <button onclick="location.reload()" class="btn btn-outline-info">Try Again</button>
                 </div>
@@ -43,11 +43,5 @@ <h6>Error Details:</h6>
 
         <footer th:replace="~{fragments/layout :: footer}"></footer>
     </div>
-
-    <!-- Bootstrap JS -->
-    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
-    
-    <!-- Bootstrap Icons -->
-    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.0/font/bootstrap-icons.css">
 </body>
 </html>
\ No newline at end of file
diff --git a/openespi-datacustodian/src/main/resources/templates/error/400.html b/openespi-datacustodian/src/main/resources/templates/error/400.html
index e94e2aef..9da95f40 100644
--- a/openespi-datacustodian/src/main/resources/templates/error/400.html
+++ b/openespi-datacustodian/src/main/resources/templates/error/400.html
@@ -19,7 +19,7 @@ <h2 class="mb-4">Bad Request</h2>
                     The request could not be understood by the server due to malformed syntax.
                 </p>
                 <div class="d-flex justify-content-center gap-3">
-                    <a href="/" class="btn btn-primary">Go Home</a>
+                    <a th:href="@{/}" class="btn btn-primary">Go Home</a>
                     <button onclick="history.back()" class="btn btn-outline-secondary">Go Back</button>
                 </div>
             </div>
@@ -27,11 +27,5 @@ <h2 class="mb-4">Bad Request</h2>
 
         <footer th:replace="~{fragments/layout :: footer}"></footer>
     </div>
-
-    <!-- Bootstrap JS -->
-    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
-    
-    <!-- Bootstrap Icons -->
-    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.0/font/bootstrap-icons.css">
 </body>
 </html>
\ No newline at end of file
diff --git a/openespi-datacustodian/src/main/resources/templates/error/403.html b/openespi-datacustodian/src/main/resources/templates/error/403.html
index 7f460e45..42ecf2e9 100644
--- a/openespi-datacustodian/src/main/resources/templates/error/403.html
+++ b/openespi-datacustodian/src/main/resources/templates/error/403.html
@@ -19,8 +19,8 @@ <h2 class="mb-4">Access Forbidden</h2>
                     You don't have permission to access this resource. Please contact your administrator if you believe this is an error.
                 </p>
                 <div class="d-flex justify-content-center gap-3">
-                    <a href="/" class="btn btn-primary">Go Home</a>
-                    <a href="/login" class="btn btn-outline-primary">Login</a>
+                    <a th:href="@{/}" class="btn btn-primary">Go Home</a>
+                    <a th:href="@{/login}" class="btn btn-outline-primary">Login</a>
                     <button onclick="history.back()" class="btn btn-outline-secondary">Go Back</button>
                 </div>
             </div>
@@ -28,11 +28,5 @@ <h2 class="mb-4">Access Forbidden</h2>
 
         <footer th:replace="~{fragments/layout :: footer}"></footer>
     </div>
-
-    <!-- Bootstrap JS -->
-    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
-    
-    <!-- Bootstrap Icons -->
-    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.0/font/bootstrap-icons.css">
 </body>
 </html>
\ No newline at end of file

From 90a001a101736bedc84b03f95e47bef1b1811243 Mon Sep 17 00:00:00 2001
From: "Donald F. Coffin" <dcoffin@greenbuttonalliance.org>
Date: Sun, 7 Jun 2026 22:59:04 -0400
Subject: [PATCH 5/5] fix(#175): point home 'Open Source project' link at the
 OpenESPI-GreenButton-Java repo

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 openespi-datacustodian/src/main/resources/templates/home.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openespi-datacustodian/src/main/resources/templates/home.html b/openespi-datacustodian/src/main/resources/templates/home.html
index 0f2cb6d6..a6816bdd 100644
--- a/openespi-datacustodian/src/main/resources/templates/home.html
+++ b/openespi-datacustodian/src/main/resources/templates/home.html
@@ -14,7 +14,7 @@ <h2>Welcome to the <a href="https://www.greenbuttonalliance.org" class="text-whi
             <p class="lead">
                 The Green Button Alliance has, with the support of the open source community, prepared a reference Green Button
                 Data Custodian implementation. This implementation supports a full complement of Green Button facilities and, as an 
-                <a href="https://github.com/GreenButtonAlliance" class="text-white">Open Source project</a>, is freely available for download by any interested parties.
+                <a href="https://github.com/GreenButtonAlliance/OpenESPI-GreenButton-Java" class="text-white">Open Source project</a>, is freely available for download by any interested parties.
             </p>
             <div class="d-flex flex-wrap gap-3 mt-4">
                 <a href="https://www.greenbuttonalliance.org/" class="btn btn-light btn-lg">Learn more about Green Button &raquo;</a>