HTML page reference

2026-02-06 15:06:50 +00:00 · 2025-12-15 12:47:17 +01:00 · 2025-12-15 12:47:17 +01:00 · 5772323ea6
commit 5772323ea6
parent 3bdc3da7f5
1 changed files with 477 additions and 0 deletions
--- a/ideas/HTML_PAGES_REFERENCE.md
+++ b/ideas/HTML_PAGES_REFERENCE.md
@ -0,0 +1,477 @@
+# HTML Pages Reference
+
+## Overview
+This document lists all HTML pages in the OBP-API application and their route mappings.
+
+---
+
+## Main Application Pages
+
+### 1. Home & Landing Pages
+
+#### index.html
+- **Path:** `/index`
+- **File:** `obp-api/src/main/webapp/index.html`
+- **Route:** `Menu.i("Home") / "index"`
+- **Authentication:** Not required
+- **Purpose:** Main landing page for the API
+
+#### index-en.html
+- **Path:** `/index-en`
+- **File:** `obp-api/src/main/webapp/index-en.html`
+- **Route:** `Menu.i("index-en") / "index-en"`
+- **Authentication:** Not required
+- **Purpose:** English version of landing page
+
+#### introduction.html
+- **Path:** `/introduction`
+- **File:** `obp-api/src/main/webapp/introduction.html`
+- **Route:** `Menu.i("Introduction") / "introduction"`
+- **Authentication:** Not required
+- **Purpose:** Introduction to the API
+
+---
+
+## Authentication & User Management Pages
+
+### 2. Login & User Information
+
+#### already-logged-in.html
+- **Path:** `/already-logged-in`
+- **File:** `obp-api/src/main/webapp/already-logged-in.html`
+- **Route:** `Menu("Already Logged In", "Already Logged In") / "already-logged-in"`
+- **Authentication:** Not required
+- **Purpose:** Shows message when user is already logged in
+
+#### user-information.html
+- **Path:** `/user-information`
+- **File:** `obp-api/src/main/webapp/user-information.html`
+- **Route:** `Menu("User Information", "User Information") / "user-information"`
+- **Authentication:** Not required
+- **Purpose:** Displays user information
+
+### 3. Password Reset
+
+#### Lost Password / Password Reset (Dynamically Generated)
+- **Path:** `/user_mgt/lost_password` (lost password form)
+- **Path:** `/user_mgt/reset_password/{TOKEN}` (reset password form)
+- **File:** None (dynamically generated by Lift Framework)
+- **Route:** Handled by `AuthUser.lostPassword` and `AuthUser.passwordReset` methods
+- **Source:** `obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala`
+- **Authentication:** Not required (public password reset)
+- **Purpose:** Request and reset forgotten passwords
+- **Note:** These are not static HTML files but are rendered by Lift's user management system
+- **Links from:** 
+  - `oauth/authorize.html` (line 30): "Forgotten password?" link
+  - `templates-hidden/_login.html` (line 31): "Forgotten password?" link
+
+**API Endpoint for Password Reset URL:**
+- **Path:** `POST /obp/v4.0.0/management/user/reset-password-url`
+- **Role Required:** `CanCreateResetPasswordUrl`
+- **Purpose:** Programmatically create password reset URLs
+- **Property:** Controlled by `ResetPasswordUrlEnabled` (default: false)
+
+### 4. User Invitation Pages
+
+#### user-invitation.html
+- **Path:** `/user-invitation`
+- **File:** `obp-api/src/main/webapp/user-invitation.html`
+- **Route:** `Menu("User Invitation", "User Invitation") / "user-invitation"`
+- **Authentication:** Not required
+- **Purpose:** User invitation form/page
+
+#### user-invitation-info.html
+- **Path:** `/user-invitation-info`
+- **File:** `obp-api/src/main/webapp/user-invitation-info.html`
+- **Route:** `Menu("User Invitation Info", "User Invitation Info") / "user-invitation-info"`
+- **Authentication:** Not required
+- **Purpose:** Information about user invitations
+
+#### user-invitation-invalid.html
+- **Path:** `/user-invitation-invalid`
+- **File:** `obp-api/src/main/webapp/user-invitation-invalid.html`
+- **Route:** `Menu("User Invitation Invalid", "User Invitation Invalid") / "user-invitation-invalid"`
+- **Authentication:** Not required
+- **Purpose:** Shows when invitation is invalid
+
+#### user-invitation-warning.html
+- **Path:** `/user-invitation-warning`
+- **File:** `obp-api/src/main/webapp/user-invitation-warning.html`
+- **Route:** `Menu("User Invitation Warning", "User Invitation Warning") / "user-invitation-warning"`
+- **Authentication:** Not required
+- **Purpose:** Shows warnings about invitations
+
+---
+
+## OAuth & Consent Pages
+
+### 5. OAuth Flow Pages
+
+#### oauth/authorize.html
+- **Path:** `/oauth/authorize`
+- **File:** `obp-api/src/main/webapp/oauth/authorize.html`
+- **Route:** `Menu.i("OAuth") / "oauth" / "authorize"`
+- **Authentication:** Not required (starts OAuth flow)
+- **Purpose:** OAuth authorization page where users approve access
+
+#### oauth/thanks.html
+- **Path:** `/oauth/thanks` (via OAuthWorkedThanks.menu)
+- **File:** `obp-api/src/main/webapp/oauth/thanks.html`
+- **Route:** `OAuthWorkedThanks.menu`
+- **Authentication:** Not required
+- **Purpose:** OAuth completion page that performs redirect
+
+### 6. Consent Management Pages
+
+#### consent-screen.html
+- **Path:** `/consent-screen`
+- **File:** `obp-api/src/main/webapp/consent-screen.html`
+- **Route:** `Menu("Consent Screen", Helper.i18n("consent.screen")) / "consent-screen" >> AuthUser.loginFirst`
+- **Authentication:** **Required** (AuthUser.loginFirst)
+- **Purpose:** OAuth consent screen for approving permissions
+
+#### consents.html
+- **Path:** `/consents`
+- **File:** `obp-api/src/main/webapp/consents.html`
+- **Route:** `Menu.i("Consents") / "consents"`
+- **Authentication:** Not required
+- **Purpose:** View/manage consents
+
+### 7. Berlin Group Consent Pages
+
+#### confirm-bg-consent-request.html
+- **Path:** `/confirm-bg-consent-request`
+- **File:** `obp-api/src/main/webapp/confirm-bg-consent-request.html`
+- **Route:** `Menu.i("confirm-bg-consent-request") / "confirm-bg-consent-request" >> AuthUser.loginFirst`
+- **Authentication:** **Required** (AuthUser.loginFirst)
+- **Purpose:** Berlin Group consent confirmation
+
+#### confirm-bg-consent-request-sca.html
+- **Path:** `/confirm-bg-consent-request-sca`
+- **File:** `obp-api/src/main/webapp/confirm-bg-consent-request-sca.html`
+- **Route:** `Menu.i("confirm-bg-consent-request-sca") / "confirm-bg-consent-request-sca" >> AuthUser.loginFirst`
+- **Authentication:** **Required** (AuthUser.loginFirst)
+- **Purpose:** Berlin Group consent with SCA (Strong Customer Authentication)
+
+#### confirm-bg-consent-request-redirect-uri.html
+- **Path:** `/confirm-bg-consent-request-redirect-uri`
+- **File:** `obp-api/src/main/webapp/confirm-bg-consent-request-redirect-uri.html`
+- **Route:** `Menu.i("confirm-bg-consent-request-redirect-uri") / "confirm-bg-consent-request-redirect-uri" >> AuthUser.loginFirst`
+- **Authentication:** **Required** (AuthUser.loginFirst)
+- **Purpose:** Berlin Group consent with redirect URI
+
+### 8. VRP (Variable Recurring Payments) Consent Pages
+
+#### confirm-vrp-consent-request.html
+- **Path:** `/confirm-vrp-consent-request`
+- **File:** `obp-api/src/main/webapp/confirm-vrp-consent-request.html`
+- **Route:** `Menu.i("confirm-vrp-consent-request") / "confirm-vrp-consent-request" >> AuthUser.loginFirst`
+- **Authentication:** **Required** (AuthUser.loginFirst)
+- **Purpose:** VRP consent request confirmation
+
+#### confirm-vrp-consent.html
+- **Path:** `/confirm-vrp-consent`
+- **File:** `obp-api/src/main/webapp/confirm-vrp-consent.html`
+- **Route:** `Menu.i("confirm-vrp-consent") / "confirm-vrp-consent" >> AuthUser.loginFirst`
+- **Authentication:** **Required** (AuthUser.loginFirst)
+- **Purpose:** VRP consent confirmation
+
+---
+
+## Developer & Admin Pages
+
+### 9. Consumer Management
+
+#### consumer-registration.html
+- **Path:** `/consumer-registration`
+- **File:** `obp-api/src/main/webapp/consumer-registration.html`
+- **Route:** `Menu("Consumer Registration", Helper.i18n("consumer.registration.nav.name")) / "consumer-registration" >> AuthUser.loginFirst`
+- **Authentication:** **Required** (AuthUser.loginFirst)
+- **Purpose:** Register new API consumers (OAuth applications)
+
+### 10. Testing & Development
+
+#### dummy-user-tokens.html
+- **Path:** `/dummy-user-tokens`
+- **File:** `obp-api/src/main/webapp/dummy-user-tokens.html`
+- **Route:** `Menu("Dummy user tokens", "Get Dummy user tokens") / "dummy-user-tokens" >> AuthUser.loginFirst`
+- **Authentication:** **Required** (AuthUser.loginFirst)
+- **Purpose:** Get dummy user tokens for testing
+
+#### create-sandbox-account.html
+- **Path:** `/create-sandbox-account`
+- **File:** `obp-api/src/main/webapp/create-sandbox-account.html`
+- **Route:** `Menu("Sandbox Account Creation", "Create Bank Account") / "create-sandbox-account" >> AuthUser.loginFirst`
+- **Authentication:** **Required** (AuthUser.loginFirst)
+- **Purpose:** Create sandbox accounts for testing
+- **Note:** Only available if `allow_sandbox_account_creation=true` in properties
+
+---
+
+## Security & Authentication Context Pages
+
+### 11. User Authentication Context
+
+#### add-user-auth-context-update-request.html
+- **Path:** `/add-user-auth-context-update-request`
+- **File:** `obp-api/src/main/webapp/add-user-auth-context-update-request.html`
+- **Route:** `Menu.i("add-user-auth-context-update-request") / "add-user-auth-context-update-request"`
+- **Authentication:** Not required
+- **Purpose:** Add user authentication context update request
+
+#### confirm-user-auth-context-update-request.html
+- **Path:** `/confirm-user-auth-context-update-request`
+- **File:** `obp-api/src/main/webapp/confirm-user-auth-context-update-request.html`
+- **Route:** `Menu.i("confirm-user-auth-context-update-request") / "confirm-user-auth-context-update-request"`
+- **Authentication:** Not required
+- **Purpose:** Confirm user authentication context update
+
+### 12. OTP (One-Time Password)
+
+#### otp.html
+- **Path:** `/otp`
+- **File:** `obp-api/src/main/webapp/otp.html`
+- **Route:** `Menu("Validate OTP", "Validate OTP") / "otp" >> AuthUser.loginFirst`
+- **Authentication:** **Required** (AuthUser.loginFirst)
+- **Purpose:** Validate one-time passwords
+
+---
+
+## Legal & Information Pages
+
+### 13. Legal Pages
+
+#### terms-and-conditions.html
+- **Path:** `/terms-and-conditions`
+- **File:** `obp-api/src/main/webapp/terms-and-conditions.html`
+- **Route:** `Menu("Terms and Conditions", "Terms and Conditions") / "terms-and-conditions"`
+- **Authentication:** Not required
+- **Purpose:** Terms and conditions
+
+#### privacy-policy.html
+- **Path:** `/privacy-policy`
+- **File:** `obp-api/src/main/webapp/privacy-policy.html`
+- **Route:** `Menu("Privacy Policy", "Privacy Policy") / "privacy-policy"`
+- **Authentication:** Not required
+- **Purpose:** Privacy policy
+
+---
+
+## Documentation & Reference Pages
+
+### 14. Documentation
+
+#### sdks.html
+- **Path:** `/sdks`
+- **File:** `obp-api/src/main/webapp/sdks.html`
+- **Route:** `Menu.i("SDKs") / "sdks"`
+- **Authentication:** Not required
+- **Purpose:** SDK documentation and downloads
+
+#### static.html
+- **Path:** `/static`
+- **File:** `obp-api/src/main/webapp/static.html`
+- **Route:** `Menu.i("Static") / "static"`
+- **Authentication:** Not required
+- **Purpose:** Static resource documentation
+
+#### main-faq.html
+- **Path:** Not directly routed (likely included/embedded)
+- **File:** `obp-api/src/main/webapp/main-faq.html`
+- **Route:** None (component file)
+- **Authentication:** N/A
+- **Purpose:** FAQ content
+
+---
+
+## Debug & Testing Pages
+
+### 15. Debug Pages
+
+#### debug.html
+- **Path:** `/debug`
+- **File:** `obp-api/src/main/webapp/debug.html`
+- **Route:** `Menu.i("Debug") / "debug"`
+- **Authentication:** Not required
+- **Purpose:** Main debug page
+
+#### debug/awake.html
+- **Path:** `/debug/awake`
+- **File:** `obp-api/src/main/webapp/debug/awake.html`
+- **Route:** `Menu.i("awake") / "debug" / "awake"`
+- **Authentication:** Not required
+- **Purpose:** Test if API is running/responsive
+
+#### debug/debug-basic.html
+- **Path:** `/debug/debug-basic`
+- **File:** `obp-api/src/main/webapp/debug/debug-basic.html`
+- **Route:** `Menu.i("debug-basic") / "debug" / "debug-basic"`
+- **Authentication:** Not required
+- **Purpose:** Basic debug information
+
+#### debug/debug-default-header.html
+- **Path:** `/debug/debug-default-header`
+- **File:** `obp-api/src/main/webapp/debug/debug-default-header.html`
+- **Route:** `Menu.i("debug-default-header") / "debug" / "debug-default-header"`
+- **Authentication:** Not required
+- **Purpose:** Test default header template
+
+#### debug/debug-default-footer.html
+- **Path:** `/debug/debug-default-footer`
+- **File:** `obp-api/src/main/webapp/debug/debug-default-footer.html`
+- **Route:** `Menu.i("debug-default-footer") / "debug" / "debug-default-footer"`
+- **Authentication:** Not required
+- **Purpose:** Test default footer template
+
+#### debug/debug-localization.html
+- **Path:** `/debug/debug-localization`
+- **File:** `obp-api/src/main/webapp/debug/debug-localization.html`
+- **Route:** `Menu.i("debug-localization") / "debug" / "debug-localization"`
+- **Authentication:** Not required
+- **Purpose:** Test localization/i18n
+
+#### debug/debug-plain.html
+- **Path:** `/debug/debug-plain`
+- **File:** `obp-api/src/main/webapp/debug/debug-plain.html`
+- **Route:** `Menu.i("debug-plain") / "debug" / "debug-plain"`
+- **Authentication:** Not required
+- **Purpose:** Plain debug page without templates
+
+#### debug/debug-webui.html
+- **Path:** `/debug/debug-webui`
+- **File:** `obp-api/src/main/webapp/debug/debug-webui.html`
+- **Route:** `Menu.i("debug-webui") / "debug" / "debug-webui"`
+- **Authentication:** Not required
+- **Purpose:** Test WebUI properties
+
+---
+
+## Template Files (Not Directly Accessible)
+
+### 16. Template Components
+
+#### templates-hidden/_login.html
+- **Path:** N/A (template component)
+- **File:** `obp-api/src/main/webapp/templates-hidden/_login.html`
+- **Route:** None (included by Lift framework)
+- **Purpose:** Login form template component
+- **Note:** Contains "Forgotten password?" link to `/user_mgt/lost_password`
+
+#### templates-hidden/default.html
+- **Path:** N/A (template)
+- **File:** `obp-api/src/main/webapp/templates-hidden/default.html`
+- **Route:** None (Lift framework template)
+- **Purpose:** Default page template
+
+#### templates-hidden/default-en.html
+- **Path:** N/A (template)
+- **File:** `obp-api/src/main/webapp/templates-hidden/default-en.html`
+- **Route:** None (Lift framework template)
+- **Purpose:** English default page template
+
+#### templates-hidden/default-header.html
+- **Path:** N/A (template)
+- **File:** `obp-api/src/main/webapp/templates-hidden/default-header.html`
+- **Route:** None (Lift framework template)
+- **Purpose:** Default header template
+
+#### templates-hidden/default-footer.html
+- **Path:** N/A (template)
+- **File:** `obp-api/src/main/webapp/templates-hidden/default-footer.html`
+- **Route:** None (Lift framework template)
+- **Purpose:** Default footer template
+
+---
+
+## Other Pages
+
+### 17. Miscellaneous
+
+#### basic.html
+- **Path:** Not directly routed (likely used programmatically)
+- **File:** `obp-api/src/main/webapp/basic.html`
+- **Route:** None found
+- **Purpose:** Basic HTML page template
+
+---
+
+## Route Configuration
+
+All routes are defined in:
+- **File:** `obp-api/src/main/scala/bootstrap/liftweb/Boot.scala`
+- **Method:** `boot` method in `Boot` class
+- **Framework:** Lift Web Framework's SiteMap
+
+### Authentication Guards
+
+- `>> AuthUser.loginFirst` - Requires user to be logged in
+- `>> Admin.loginFirst` - Requires admin user to be logged in
+- No guard - Public access
+
+### Conditional Routes
+
+Some routes are conditionally added based on properties:
+- Sandbox account creation requires: `allow_sandbox_account_creation=true`
+
+---
+
+## URL Structure
+
+All pages are served at:
+```
+https://[hostname]/[path]
+```
+
+For example:
+- Home page: `https://api.example.com/index`
+- OAuth: `https://api.example.com/oauth/authorize`
+- Consent: `https://api.example.com/consent-screen`
+
+---
+
+## Summary Statistics
+
+**Total HTML Files:** 43
+- **Public Pages:** 27
+- **Authenticated Pages:** 13
+- **Template Components:** 5
+- **Debug Pages:** 9
+- **Dynamically Generated:** 2 (password reset pages)
+
+**Page Categories:**
+- Authentication & User Management: 7 pages
+- Password Reset: 2 dynamically generated pages
+- OAuth & Consent: 9 pages
+- Developer & Admin: 3 pages
+- Legal & Information: 4 pages
+- Documentation: 4 pages
+- Debug & Testing: 9 pages
+- Templates: 5 files
+- Miscellaneous: 2 pages
+
+---
+
+## Notes
+
+1. **Lift Framework:** The application uses Lift Web Framework for routing and page rendering
+2. **SiteMap:** Routes are configured via Lift's SiteMap in Boot.scala
+3. **Templates:** Pages in `templates-hidden/` are not directly accessible but are used as layout templates
+4. **Localization:** Some pages support internationalization (i18n) via `Helper.i18n()`
+5. **Security:** Many pages require authentication via `AuthUser.loginFirst` or `Admin.loginFirst`
+6. **OAuth Flow:** The OAuth authorization flow involves multiple pages: authorize → consent-screen → thanks
+7. **Consent Types:** Different consent screens for different standards (Berlin Group, VRP, generic OAuth)
+8. **Password Reset:** The password reset flow is handled dynamically by Lift's user management system, not static HTML files
+   - Lost password form: `/user_mgt/lost_password`
+   - Reset password form: `/user_mgt/reset_password/{TOKEN}`
+   - Implementation in: `code/model/dataAccess/AuthUser.scala`
+
+---
+
+## Related Files
+
+- **Boot Configuration:** `obp-api/src/main/scala/bootstrap/liftweb/Boot.scala`
+- **Menu Helpers:** Various classes in `code` package
+- **Templates:** Lift framework `templates-hidden` directory
+- **Static Resources:** JavaScript, CSS, and images in `webapp` directory
+- **User Management:** `obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala` (password reset, validation)
+- **Password Reset API:** `obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala` (resetPasswordUrl endpoint)