fix(#175): portal navigation consistency — Home link, user dropdown, About page, no dead links

openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/config/CustomerLoginSecurityConfiguration.java

@@ -96,6 +96,7 @@ public SecurityFilterChain customerLoginSecurityFilterChain(
 		RequestMatcher matcher = new OrRequestMatcher(
 				pp.matcher("/"),
 				pp.matcher("/home"),
+				pp.matcher("/about"),
 				pp.matcher("/login"),
 				pp.matcher("/logout"),
 				pp.matcher("/custodian/**"),
@@ -111,7 +112,8 @@ public SecurityFilterChain customerLoginSecurityFilterChain(
 				// session-stored token. Right shape for vanilla form login.
 				.csrf(Customizer.withDefaults())
 				.authorizeHttpRequests(authz -> authz
-						.requestMatchers(pp.matcher("/"), pp.matcher("/home"), pp.matcher("/login")).permitAll()
+						.requestMatchers(pp.matcher("/"), pp.matcher("/home"), pp.matcher("/about"),
+								pp.matcher("/login")).permitAll()
 						.anyRequest().authenticated())
 				.formLogin(form -> form
 						.loginPage("/login")

openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/web/AboutController.java

@@ -0,0 +1,49 @@
+/*
+ *
+ *        Copyright (c) 2025 Green Button Alliance, Inc.
+ *
+ *
+ *     Licensed under the Apache License, Version 2.0 (the "License");
+ *     you may not use this file except in compliance with the License.
+ *     You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *     Unless required by applicable law or agreed to in writing, software
+ *     distributed under the License is distributed on an "AS IS" BASIS,
+ *     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *     See the License for the specific language governing permissions and
+ *     limitations under the License.
+ *
+ */
+
+package org.greenbuttonalliance.espi.datacustodian.web;
+
+import org.springframework.boot.SpringBootVersion;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ * Public "About" page (#175). Replaces the legacy about.jsp build-info table with a small,
+ * non-sensitive summary of the running implementation. Public (footer-linked from every page,
+ * including the anonymous login page).
+ */
+@Controller
+public class AboutController {
+
+	@GetMapping("/about")
+	public String about(Model model) {
+		Map<String, String> info = new LinkedHashMap<>();
+		String version = AboutController.class.getPackage().getImplementationVersion();
+		info.put("Implementation", "OpenESPI Green Button Data Custodian");
+		info.put("Version", version != null ? version : "(development build)");
+		info.put("Java version", System.getProperty("java.version", "—"));
+		info.put("Spring Boot version", SpringBootVersion.getVersion());
+		model.addAttribute("info", info);
+		return "about";
+	}
+}

openespi-datacustodian/src/main/java/org/greenbuttonalliance/espi/datacustodian/web/custodian/RetailCustomerController.java

@@ -138,6 +138,12 @@ public String update(@PathVariable Long retailCustomerId,
 		existing.setUsername(form.getUsername());
 		existing.setFirstName(form.getFirstName());
 		existing.setLastName(form.getLastName());
+		if (form.getRole() != null && !form.getRole().isBlank()) {
+			existing.setRole(form.getRole());
+		}
+		// Checkbox bound via th:field renders a hidden field, so a non-null value always arrives;
+		// default to enabled if somehow absent.
+		existing.setEnabled(form.getEnabled() != null ? form.getEnabled() : Boolean.TRUE);
 		if (form.getPassword() != null && !form.getPassword().isBlank()) {
 			existing.setPassword(customerPasswordEncoder.encode(form.getPassword()));
 		}

openespi-datacustodian/src/main/resources/templates/about.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html lang="en" xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
+<head th:replace="~{fragments/layout :: head}">
+    <title>About - Green Button Data Custodian</title>
+</head>
+
+<body>
+    <nav th:replace="~{fragments/layout :: header}"></nav>
+
+    <div class="container">
+        <h2 class="mt-4">About</h2>
+        <p class="text-muted">
+            A reference implementation of the NAESB ESPI (Green Button) Data Custodian, maintained by the
+            <a href="https://www.greenbuttonalliance.org">Green Button Alliance</a>.
+        </p>
+
+        <div class="card mt-3">
+            <div class="table-responsive">
+                <table class="table table-striped mb-0">
+                    <tbody>
+                        <tr th:each="entry : ${info}">
+                            <th class="w-25" th:text="${entry.key}">Key</th>
+                            <td th:text="${entry.value}">value</td>
+                        </tr>
+                    </tbody>
+                </table>
+            </div>
+        </div>
+
+        <hr class="my-5">
+        <footer th:replace="~{fragments/layout :: footer}"></footer>
+    </div>
+</body>
+</html>

openespi-datacustodian/src/main/resources/templates/custodian/home.html

@@ -131,7 +131,5 @@ <h4 th:text="${todayRequests ?: '0'}">0</h4>
         <footer th:replace="~{fragments/layout :: footer}"></footer>
     </div>
 
-    <!-- Bootstrap JS -->
-    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
 </body>
 </html>

openespi-datacustodian/src/main/resources/templates/custodian/retailcustomers/form.html

@@ -8,7 +8,7 @@
     <nav th:replace="~{fragments/layout :: custodianHeader}"></nav>
 
     <div class="container">
-        <h2 class="mt-4" th:text="${editMode} ? 'Edit Retail Customer' : 'New Retail Customer'">Retail Customer</h2>
+        <h2 class="mt-4" th:text="${editMode} ? 'Edit User Account' : 'New User Account'">User Account</h2>
 
         <div class="card mt-4">
             <div class="card-body">
@@ -34,6 +34,18 @@ <h2 class="mt-4" th:text="${editMode} ? 'Edit Retail Customer' : 'New Retail Cus
                         <div class="invalid-feedback" th:if="${#fields.hasErrors('lastName')}"
                              th:errors="*{lastName}">Last name error</div>
                     </div>
+                    <div class="mb-3">
+                        <label for="role" class="form-label">Account type</label>
+                        <select id="role" class="form-select" th:field="*{role}">
+                            <option value="ROLE_USER">Customer</option>
+                            <option value="ROLE_CUSTODIAN">Administrator (Custodian)</option>
+                        </select>
+                    </div>
+                    <div class="form-check form-switch mb-3">
+                        <input type="checkbox" id="enabled" class="form-check-input" role="switch"
+                               th:field="*{enabled}"/>
+                        <label for="enabled" class="form-check-label">Enabled (account may sign in)</label>
+                    </div>
                     <div class="mb-3">
                         <label for="password" class="form-label">Password</label>
                         <input type="password" id="password" class="form-control"

openespi-datacustodian/src/main/resources/templates/custodian/retailcustomers/index.html

@@ -11,7 +11,7 @@
         <div class="d-flex justify-content-between align-items-center mt-4">
             <h2 class="mb-0">Retail Customers</h2>
             <a th:href="@{/custodian/retailcustomers/form}" class="btn btn-primary">
-                <i class="bi bi-plus-lg"></i> Add new customer
+                <i class="bi bi-plus-lg"></i> Add user
             </a>
         </div>
 

openespi-datacustodian/src/main/resources/templates/error.html

@@ -34,7 +34,7 @@ <h6>Error Details:</h6>
                 </div>
 
                 <div class="d-flex justify-content-center gap-3 mt-4">
-                    <a href="/" class="btn btn-primary">Go Home</a>
+                    <a th:href="@{/}" class="btn btn-primary">Go Home</a>
                     <button onclick="history.back()" class="btn btn-outline-secondary">Go Back</button>
                     <button onclick="location.reload()" class="btn btn-outline-info">Try Again</button>
                 </div>
@@ -43,11 +43,5 @@ <h6>Error Details:</h6>
 
         <footer th:replace="~{fragments/layout :: footer}"></footer>
     </div>
-
-    <!-- Bootstrap JS -->
-    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
-
-    <!-- Bootstrap Icons -->
-    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.0/font/bootstrap-icons.css">
 </body>
 </html>

openespi-datacustodian/src/main/resources/templates/error/400.html

@@ -19,19 +19,13 @@ <h2 class="mb-4">Bad Request</h2>
                     The request could not be understood by the server due to malformed syntax.
                 </p>
                 <div class="d-flex justify-content-center gap-3">
-                    <a href="/" class="btn btn-primary">Go Home</a>
+                    <a th:href="@{/}" class="btn btn-primary">Go Home</a>
                     <button onclick="history.back()" class="btn btn-outline-secondary">Go Back</button>
                 </div>
             </div>
         </div>
 
         <footer th:replace="~{fragments/layout :: footer}"></footer>
     </div>
-
-    <!-- Bootstrap JS -->
-    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
-
-    <!-- Bootstrap Icons -->
-    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.0/font/bootstrap-icons.css">
 </body>
 </html>

openespi-datacustodian/src/main/resources/templates/error/403.html

@@ -19,20 +19,14 @@ <h2 class="mb-4">Access Forbidden</h2>
                     You don't have permission to access this resource. Please contact your administrator if you believe this is an error.
                 </p>
                 <div class="d-flex justify-content-center gap-3">
-                    <a href="/" class="btn btn-primary">Go Home</a>
-                    <a href="/login" class="btn btn-outline-primary">Login</a>
+                    <a th:href="@{/}" class="btn btn-primary">Go Home</a>
+                    <a th:href="@{/login}" class="btn btn-outline-primary">Login</a>
                     <button onclick="history.back()" class="btn btn-outline-secondary">Go Back</button>
                 </div>
             </div>
         </div>
 
         <footer th:replace="~{fragments/layout :: footer}"></footer>
     </div>
-
-    <!-- Bootstrap JS -->
-    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
-
-    <!-- Bootstrap Icons -->
-    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.0/font/bootstrap-icons.css">
 </body>
 </html>

openespi-datacustodian/src/main/resources/templates/fragments/layout.html

@@ -17,6 +17,11 @@
     <!-- Favicon -->
     <link rel="icon" type="image/png" th:href="@{/images/favicon.png}">
 
+    <!-- Bootstrap bundle (incl. Popper). Loaded once here, deferred so it executes after the DOM is
+         parsed — every page that includes this head fragment gets working navbar dropdowns/collapse
+         without each template loading its own copy (double-loading breaks the dropdown toggle). -->
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js" defer></script>
+
     <!-- Additional CSS block for page-specific styles -->
     <th:block th:fragment="additionalCss"></th:block>
 </head>
@@ -36,8 +41,11 @@
                     <li class="nav-item">
                         <a class="nav-link" th:href="@{/}">Home</a>
                     </li>
-                    <!-- The customer self-service portal (/customer/**) is not yet migrated, so no
-                         "My Usage Points" link is shown to ROLE_USER — it would be a dead link. -->
+                    <!-- Customer self-service: only the authorizations page is migrated, so that is
+                         the single ROLE_USER link (no dead "My Usage Points"). -->
+                    <li class="nav-item" sec:authorize="hasRole('ROLE_USER')">
+                        <a class="nav-link" th:href="@{/customer/authorizations}">My Authorizations</a>
+                    </li>
                     <li class="nav-item" sec:authorize="hasRole('ROLE_CUSTODIAN')">
                         <a class="nav-link" th:href="@{/custodian/home}">Custodian Portal</a>
                     </li>
@@ -76,20 +84,31 @@
             <div class="collapse navbar-collapse" id="customerNav">
                 <ul class="navbar-nav me-auto">
                     <!-- Only the self-service authorizations page is migrated; Usage Points /
-                         Third Parties pages are not yet available, so no dead links are shown. -->
+                         Third Parties pages are not yet available, so no dead links are shown.
+                         A Home link is always present so no page is a dead end (#175). -->
+                    <li class="nav-item">
+                        <a class="nav-link" th:href="@{/}">Home</a>
+                    </li>
                     <li class="nav-item">
                         <a class="nav-link" th:href="@{/customer/authorizations}">My Authorizations</a>
                     </li>
                 </ul>
 
                 <ul class="navbar-nav">
-                    <li class="nav-item">
-                        <span class="navbar-text">Welcome, <span sec:authentication="name">Customer</span></span>
-                    </li>
-                    <li class="nav-item">
-                        <form th:action="@{/logout}" method="post" class="d-inline">
-                            <button type="submit" class="nav-link btn btn-link border-0 bg-transparent">Logout</button>
-                        </form>
+                    <li class="nav-item dropdown">
+                        <a class="nav-link dropdown-toggle" href="#" id="customerUserDropdown" role="button"
+                           data-bs-toggle="dropdown" aria-expanded="false">
+                            <i class="bi bi-person-circle"></i> <span sec:authentication="name">Customer</span>
+                        </a>
+                        <ul class="dropdown-menu dropdown-menu-end" aria-labelledby="customerUserDropdown">
+                            <li><span class="dropdown-item-text text-muted small">Signed in</span></li>
+                            <li><hr class="dropdown-divider"></li>
+                            <li>
+                                <form th:action="@{/logout}" method="post" class="m-0">
+                                    <button type="submit" class="dropdown-item">Logout</button>
+                                </form>
+                            </li>
+                        </ul>
                     </li>
                 </ul>
             </div>
@@ -109,6 +128,9 @@
 
             <div class="collapse navbar-collapse" id="custodianNav">
                 <ul class="navbar-nav me-auto">
+                    <li class="nav-item">
+                        <a class="nav-link" th:href="@{/}">Home</a>
+                    </li>
                     <li class="nav-item">
                         <a class="nav-link" th:href="@{/custodian/home}">Dashboard</a>
                     </li>
@@ -127,13 +149,20 @@
                 </ul>
 
                 <ul class="navbar-nav">
-                    <li class="nav-item">
-                        <span class="navbar-text">Custodian: <span sec:authentication="name">Admin</span></span>
-                    </li>
-                    <li class="nav-item">
-                        <form th:action="@{/logout}" method="post" class="d-inline">
-                            <button type="submit" class="nav-link btn btn-link border-0 bg-transparent">Logout</button>
-                        </form>
+                    <li class="nav-item dropdown">
+                        <a class="nav-link dropdown-toggle" href="#" id="custodianUserDropdown" role="button"
+                           data-bs-toggle="dropdown" aria-expanded="false">
+                            <i class="bi bi-person-circle"></i> <span sec:authentication="name">Admin</span>
+                        </a>
+                        <ul class="dropdown-menu dropdown-menu-end" aria-labelledby="custodianUserDropdown">
+                            <li><span class="dropdown-item-text text-muted small">Signed in as custodian</span></li>
+                            <li><hr class="dropdown-divider"></li>
+                            <li>
+                                <form th:action="@{/logout}" method="post" class="m-0">
+                                    <button type="submit" class="dropdown-item">Logout</button>
+                                </form>
+                            </li>
+                        </ul>
                     </li>
                 </ul>
             </div>
@@ -152,9 +181,7 @@
                 </div>
                 <div class="col-md-6 text-end">
                     <p class="text-muted mb-0">
-                        <a th:href="@{/about}">About</a> |
-                        <a th:href="@{/TermsOfService}">Terms of Service</a> |
-                        <a th:href="@{/UsagePolicy}">Usage Policy</a>
+                        <a th:href="@{/about}">About</a>
                     </p>
                 </div>
             </div>

openespi-datacustodian/src/main/resources/templates/home.html

@@ -14,10 +14,10 @@ <h2>Welcome to the <a href="https://www.greenbuttonalliance.org" class="text-whi
             <p class="lead">
                 The Green Button Alliance has, with the support of the open source community, prepared a reference Green Button
                 Data Custodian implementation. This implementation supports a full complement of Green Button facilities and, as an 
-                <a href="https://github.com/GreenButtonAlliance" class="text-white">Open Source project</a>, is freely available for download by any interested parties.
+                <a href="https://github.com/GreenButtonAlliance/OpenESPI-GreenButton-Java" class="text-white">Open Source project</a>, is freely available for download by any interested parties.
             </p>
             <div class="d-flex flex-wrap gap-3 mt-4">
-                <a href="https://www.greenbuttondata.org" class="btn btn-light btn-lg">Learn more about Green Button &raquo;</a>
+                <a href="https://www.greenbuttonalliance.org/" class="btn btn-light btn-lg">Learn more about Green Button &raquo;</a>
                 <a href="https://github.com/GreenButtonAlliance" class="btn btn-outline-light btn-lg">View Open Source Projects &raquo;</a>
             </div>
         </div>
@@ -76,7 +76,5 @@ <h3 class="card-title">API Reference</h3>
         <footer th:replace="~{fragments/layout :: footer}"></footer>
     </div>
 
-    <!-- Bootstrap JS -->
-    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
 </body>
 </html>