From 5772323ea6fe5c6c8ad6ddf629c019d06345d035 Mon Sep 17 00:00:00 2001 From: simonredfern Date: Mon, 15 Dec 2025 12:47:17 +0100 Subject: [PATCH] HTML page reference --- ideas/HTML_PAGES_REFERENCE.md | 477 ++++++++++++++++++++++++++++++++++ 1 file changed, 477 insertions(+) create mode 100644 ideas/HTML_PAGES_REFERENCE.md diff --git a/ideas/HTML_PAGES_REFERENCE.md b/ideas/HTML_PAGES_REFERENCE.md new file mode 100644 index 000000000..b34272cb3 --- /dev/null +++ b/ideas/HTML_PAGES_REFERENCE.md 
@@ -0,0 +1,477 @@ +# HTML Pages Reference + +## Overview +This document lists all HTML pages in the OBP-API application and their route mappings. + +--- + +## Main Application Pages + +### 1. Home & Landing Pages + +#### index.html +- **Path:** `/index` +- **File:** `obp-api/src/main/webapp/index.html` +- **Route:** `Menu.i("Home") / "index"` +- **Authentication:** Not required +- **Purpose:** Main landing page for the API + +#### index-en.html +- **Path:** `/index-en` +- **File:** `obp-api/src/main/webapp/index-en.html` +- **Route:** `Menu.i("index-en") / "index-en"` +- **Authentication:** Not required +- **Purpose:** English version of landing page + +#### introduction.html +- **Path:** `/introduction` +- **File:** `obp-api/src/main/webapp/introduction.html` +- **Route:** `Menu.i("Introduction") / "introduction"` +- **Authentication:** Not required +- **Purpose:** Introduction to the API + +--- + +## Authentication & User Management Pages + +### 2. Login & User Information + +#### already-logged-in.html +- **Path:** `/already-logged-in` +- **File:** `obp-api/src/main/webapp/already-logged-in.html` +- **Route:** `Menu("Already Logged In", "Already Logged In") / "already-logged-in"` +- **Authentication:** Not required +- **Purpose:** Shows message when user is already logged in + +#### user-information.html +- **Path:** `/user-information` +- **File:** `obp-api/src/main/webapp/user-information.html` +- **Route:** `Menu("User Information", "User Information") / "user-information"` +- **Authentication:** Not required +- **Purpose:** Displays user information + +### 3. 
Password Reset + +#### Lost Password / Password Reset (Dynamically Generated) +- **Path:** `/user_mgt/lost_password` (lost password form) +- **Path:** `/user_mgt/reset_password/{TOKEN}` (reset password form) +- **File:** None (dynamically generated by Lift Framework) +- **Route:** Handled by `AuthUser.lostPassword` and `AuthUser.passwordReset` methods +- **Source:** `obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala` +- **Authentication:** Not required (public password reset) +- **Purpose:** Request and reset forgotten passwords +- **Note:** These are not static HTML files but are rendered by Lift's user management system +- **Links from:** + - `oauth/authorize.html` (line 30): "Forgotten password?" link + - `templates-hidden/_login.html` (line 31): "Forgotten password?" link + +**API Endpoint for Password Reset URL:** +- **Path:** `POST /obp/v4.0.0/management/user/reset-password-url` +- **Role Required:** `CanCreateResetPasswordUrl` +- **Purpose:** Programmatically create password reset URLs +- **Property:** Controlled by `ResetPasswordUrlEnabled` (default: false) + +### 4. 
User Invitation Pages + +#### user-invitation.html +- **Path:** `/user-invitation` +- **File:** `obp-api/src/main/webapp/user-invitation.html` +- **Route:** `Menu("User Invitation", "User Invitation") / "user-invitation"` +- **Authentication:** Not required +- **Purpose:** User invitation form/page + +#### user-invitation-info.html +- **Path:** `/user-invitation-info` +- **File:** `obp-api/src/main/webapp/user-invitation-info.html` +- **Route:** `Menu("User Invitation Info", "User Invitation Info") / "user-invitation-info"` +- **Authentication:** Not required +- **Purpose:** Information about user invitations + +#### user-invitation-invalid.html +- **Path:** `/user-invitation-invalid` +- **File:** `obp-api/src/main/webapp/user-invitation-invalid.html` +- **Route:** `Menu("User Invitation Invalid", "User Invitation Invalid") / "user-invitation-invalid"` +- **Authentication:** Not required +- **Purpose:** Shows when invitation is invalid + +#### user-invitation-warning.html +- **Path:** `/user-invitation-warning` +- **File:** `obp-api/src/main/webapp/user-invitation-warning.html` +- **Route:** `Menu("User Invitation Warning", "User Invitation Warning") / "user-invitation-warning"` +- **Authentication:** Not required +- **Purpose:** Shows warnings about invitations + +--- + +## OAuth & Consent Pages + +### 5. OAuth Flow Pages + +#### oauth/authorize.html +- **Path:** `/oauth/authorize` +- **File:** `obp-api/src/main/webapp/oauth/authorize.html` +- **Route:** `Menu.i("OAuth") / "oauth" / "authorize"` +- **Authentication:** Not required (starts OAuth flow) +- **Purpose:** OAuth authorization page where users approve access + +#### oauth/thanks.html +- **Path:** `/oauth/thanks` (via OAuthWorkedThanks.menu) +- **File:** `obp-api/src/main/webapp/oauth/thanks.html` +- **Route:** `OAuthWorkedThanks.menu` +- **Authentication:** Not required +- **Purpose:** OAuth completion page that performs redirect + +### 6. 
Consent Management Pages + +#### consent-screen.html +- **Path:** `/consent-screen` +- **File:** `obp-api/src/main/webapp/consent-screen.html` +- **Route:** `Menu("Consent Screen", Helper.i18n("consent.screen")) / "consent-screen" >> AuthUser.loginFirst` +- **Authentication:** **Required** (AuthUser.loginFirst) +- **Purpose:** OAuth consent screen for approving permissions + +#### consents.html +- **Path:** `/consents` +- **File:** `obp-api/src/main/webapp/consents.html` +- **Route:** `Menu.i("Consents") / "consents"` +- **Authentication:** Not required +- **Purpose:** View/manage consents + +### 7. Berlin Group Consent Pages + +#### confirm-bg-consent-request.html +- **Path:** `/confirm-bg-consent-request` +- **File:** `obp-api/src/main/webapp/confirm-bg-consent-request.html` +- **Route:** `Menu.i("confirm-bg-consent-request") / "confirm-bg-consent-request" >> AuthUser.loginFirst` +- **Authentication:** **Required** (AuthUser.loginFirst) +- **Purpose:** Berlin Group consent confirmation + +#### confirm-bg-consent-request-sca.html +- **Path:** `/confirm-bg-consent-request-sca` +- **File:** `obp-api/src/main/webapp/confirm-bg-consent-request-sca.html` +- **Route:** `Menu.i("confirm-bg-consent-request-sca") / "confirm-bg-consent-request-sca" >> AuthUser.loginFirst` +- **Authentication:** **Required** (AuthUser.loginFirst) +- **Purpose:** Berlin Group consent with SCA (Strong Customer Authentication) + +#### confirm-bg-consent-request-redirect-uri.html +- **Path:** `/confirm-bg-consent-request-redirect-uri` +- **File:** `obp-api/src/main/webapp/confirm-bg-consent-request-redirect-uri.html` +- **Route:** `Menu.i("confirm-bg-consent-request-redirect-uri") / "confirm-bg-consent-request-redirect-uri" >> AuthUser.loginFirst` +- **Authentication:** **Required** (AuthUser.loginFirst) +- **Purpose:** Berlin Group consent with redirect URI + +### 8. 
VRP (Variable Recurring Payments) Consent Pages + +#### confirm-vrp-consent-request.html +- **Path:** `/confirm-vrp-consent-request` +- **File:** `obp-api/src/main/webapp/confirm-vrp-consent-request.html` +- **Route:** `Menu.i("confirm-vrp-consent-request") / "confirm-vrp-consent-request" >> AuthUser.loginFirst` +- **Authentication:** **Required** (AuthUser.loginFirst) +- **Purpose:** VRP consent request confirmation + +#### confirm-vrp-consent.html +- **Path:** `/confirm-vrp-consent` +- **File:** `obp-api/src/main/webapp/confirm-vrp-consent.html` +- **Route:** `Menu.i("confirm-vrp-consent") / "confirm-vrp-consent" >> AuthUser.loginFirst` +- **Authentication:** **Required** (AuthUser.loginFirst) +- **Purpose:** VRP consent confirmation + +--- + +## Developer & Admin Pages + +### 9. Consumer Management + +#### consumer-registration.html +- **Path:** `/consumer-registration` +- **File:** `obp-api/src/main/webapp/consumer-registration.html` +- **Route:** `Menu("Consumer Registration", Helper.i18n("consumer.registration.nav.name")) / "consumer-registration" >> AuthUser.loginFirst` +- **Authentication:** **Required** (AuthUser.loginFirst) +- **Purpose:** Register new API consumers (OAuth applications) + +### 10. 
Testing & Development + +#### dummy-user-tokens.html +- **Path:** `/dummy-user-tokens` +- **File:** `obp-api/src/main/webapp/dummy-user-tokens.html` +- **Route:** `Menu("Dummy user tokens", "Get Dummy user tokens") / "dummy-user-tokens" >> AuthUser.loginFirst` +- **Authentication:** **Required** (AuthUser.loginFirst) +- **Purpose:** Get dummy user tokens for testing + +#### create-sandbox-account.html +- **Path:** `/create-sandbox-account` +- **File:** `obp-api/src/main/webapp/create-sandbox-account.html` +- **Route:** `Menu("Sandbox Account Creation", "Create Bank Account") / "create-sandbox-account" >> AuthUser.loginFirst` +- **Authentication:** **Required** (AuthUser.loginFirst) +- **Purpose:** Create sandbox accounts for testing +- **Note:** Only available if `allow_sandbox_account_creation=true` in properties + +--- + +## Security & Authentication Context Pages + +### 11. User Authentication Context + +#### add-user-auth-context-update-request.html +- **Path:** `/add-user-auth-context-update-request` +- **File:** `obp-api/src/main/webapp/add-user-auth-context-update-request.html` +- **Route:** `Menu.i("add-user-auth-context-update-request") / "add-user-auth-context-update-request"` +- **Authentication:** Not required +- **Purpose:** Add user authentication context update request + +#### confirm-user-auth-context-update-request.html +- **Path:** `/confirm-user-auth-context-update-request` +- **File:** `obp-api/src/main/webapp/confirm-user-auth-context-update-request.html` +- **Route:** `Menu.i("confirm-user-auth-context-update-request") / "confirm-user-auth-context-update-request"` +- **Authentication:** Not required +- **Purpose:** Confirm user authentication context update + +### 12. 
OTP (One-Time Password) + +#### otp.html +- **Path:** `/otp` +- **File:** `obp-api/src/main/webapp/otp.html` +- **Route:** `Menu("Validate OTP", "Validate OTP") / "otp" >> AuthUser.loginFirst` +- **Authentication:** **Required** (AuthUser.loginFirst) +- **Purpose:** Validate one-time passwords + +--- + +## Legal & Information Pages + +### 13. Legal Pages + +#### terms-and-conditions.html +- **Path:** `/terms-and-conditions` +- **File:** `obp-api/src/main/webapp/terms-and-conditions.html` +- **Route:** `Menu("Terms and Conditions", "Terms and Conditions") / "terms-and-conditions"` +- **Authentication:** Not required +- **Purpose:** Terms and conditions + +#### privacy-policy.html +- **Path:** `/privacy-policy` +- **File:** `obp-api/src/main/webapp/privacy-policy.html` +- **Route:** `Menu("Privacy Policy", "Privacy Policy") / "privacy-policy"` +- **Authentication:** Not required +- **Purpose:** Privacy policy + +--- + +## Documentation & Reference Pages + +### 14. Documentation + +#### sdks.html +- **Path:** `/sdks` +- **File:** `obp-api/src/main/webapp/sdks.html` +- **Route:** `Menu.i("SDKs") / "sdks"` +- **Authentication:** Not required +- **Purpose:** SDK documentation and downloads + +#### static.html +- **Path:** `/static` +- **File:** `obp-api/src/main/webapp/static.html` +- **Route:** `Menu.i("Static") / "static"` +- **Authentication:** Not required +- **Purpose:** Static resource documentation + +#### main-faq.html +- **Path:** Not directly routed (likely included/embedded) +- **File:** `obp-api/src/main/webapp/main-faq.html` +- **Route:** None (component file) +- **Authentication:** N/A +- **Purpose:** FAQ content + +--- + +## Debug & Testing Pages + +### 15. 
Debug Pages + +#### debug.html +- **Path:** `/debug` +- **File:** `obp-api/src/main/webapp/debug.html` +- **Route:** `Menu.i("Debug") / "debug"` +- **Authentication:** Not required +- **Purpose:** Main debug page + +#### debug/awake.html +- **Path:** `/debug/awake` +- **File:** `obp-api/src/main/webapp/debug/awake.html` +- **Route:** `Menu.i("awake") / "debug" / "awake"` +- **Authentication:** Not required +- **Purpose:** Test if API is running/responsive + +#### debug/debug-basic.html +- **Path:** `/debug/debug-basic` +- **File:** `obp-api/src/main/webapp/debug/debug-basic.html` +- **Route:** `Menu.i("debug-basic") / "debug" / "debug-basic"` +- **Authentication:** Not required +- **Purpose:** Basic debug information + +#### debug/debug-default-header.html +- **Path:** `/debug/debug-default-header` +- **File:** `obp-api/src/main/webapp/debug/debug-default-header.html` +- **Route:** `Menu.i("debug-default-header") / "debug" / "debug-default-header"` +- **Authentication:** Not required +- **Purpose:** Test default header template + +#### debug/debug-default-footer.html +- **Path:** `/debug/debug-default-footer` +- **File:** `obp-api/src/main/webapp/debug/debug-default-footer.html` +- **Route:** `Menu.i("debug-default-footer") / "debug" / "debug-default-footer"` +- **Authentication:** Not required +- **Purpose:** Test default footer template + +#### debug/debug-localization.html +- **Path:** `/debug/debug-localization` +- **File:** `obp-api/src/main/webapp/debug/debug-localization.html` +- **Route:** `Menu.i("debug-localization") / "debug" / "debug-localization"` +- **Authentication:** Not required +- **Purpose:** Test localization/i18n + +#### debug/debug-plain.html +- **Path:** `/debug/debug-plain` +- **File:** `obp-api/src/main/webapp/debug/debug-plain.html` +- **Route:** `Menu.i("debug-plain") / "debug" / "debug-plain"` +- **Authentication:** Not required +- **Purpose:** Plain debug page without templates + +#### debug/debug-webui.html +- **Path:** 
`/debug/debug-webui` +- **File:** `obp-api/src/main/webapp/debug/debug-webui.html` +- **Route:** `Menu.i("debug-webui") / "debug" / "debug-webui"` +- **Authentication:** Not required +- **Purpose:** Test WebUI properties + +--- + +## Template Files (Not Directly Accessible) + +### 16. Template Components + +#### templates-hidden/_login.html +- **Path:** N/A (template component) +- **File:** `obp-api/src/main/webapp/templates-hidden/_login.html` +- **Route:** None (included by Lift framework) +- **Purpose:** Login form template component +- **Note:** Contains "Forgotten password?" link to `/user_mgt/lost_password` + +#### templates-hidden/default.html +- **Path:** N/A (template) +- **File:** `obp-api/src/main/webapp/templates-hidden/default.html` +- **Route:** None (Lift framework template) +- **Purpose:** Default page template + +#### templates-hidden/default-en.html +- **Path:** N/A (template) +- **File:** `obp-api/src/main/webapp/templates-hidden/default-en.html` +- **Route:** None (Lift framework template) +- **Purpose:** English default page template + +#### templates-hidden/default-header.html +- **Path:** N/A (template) +- **File:** `obp-api/src/main/webapp/templates-hidden/default-header.html` +- **Route:** None (Lift framework template) +- **Purpose:** Default header template + +#### templates-hidden/default-footer.html +- **Path:** N/A (template) +- **File:** `obp-api/src/main/webapp/templates-hidden/default-footer.html` +- **Route:** None (Lift framework template) +- **Purpose:** Default footer template + +--- + +## Other Pages + +### 17. 
Miscellaneous + +#### basic.html +- **Path:** Not directly routed (likely used programmatically) +- **File:** `obp-api/src/main/webapp/basic.html` +- **Route:** None found +- **Purpose:** Basic HTML page template + +--- + +## Route Configuration + +All routes are defined in: +- **File:** `obp-api/src/main/scala/bootstrap/liftweb/Boot.scala` +- **Method:** `boot` method in `Boot` class +- **Framework:** Lift Web Framework's SiteMap + +### Authentication Guards + +- `>> AuthUser.loginFirst` - Requires user to be logged in +- `>> Admin.loginFirst` - Requires admin user to be logged in +- No guard - Public access + +### Conditional Routes + +Some routes are conditionally added based on properties: +- Sandbox account creation requires: `allow_sandbox_account_creation=true` + +--- + +## URL Structure + +All pages are served at: +``` +https://[hostname]/[path] +``` + +For example: +- Home page: `https://api.example.com/index` +- OAuth: `https://api.example.com/oauth/authorize` +- Consent: `https://api.example.com/consent-screen` + +--- + +## Summary Statistics + +**Total HTML Files:** 43 +- **Public Pages:** 27 +- **Authenticated Pages:** 13 +- **Template Components:** 5 +- **Debug Pages:** 9 +- **Dynamically Generated:** 2 (password reset pages) + +**Page Categories:** +- Authentication & User Management: 7 pages +- Password Reset: 2 dynamically generated pages +- OAuth & Consent: 9 pages +- Developer & Admin: 3 pages +- Legal & Information: 4 pages +- Documentation: 4 pages +- Debug & Testing: 9 pages +- Templates: 5 files +- Miscellaneous: 2 pages + +--- + +## Notes + +1. **Lift Framework:** The application uses Lift Web Framework for routing and page rendering +2. **SiteMap:** Routes are configured via Lift's SiteMap in Boot.scala +3. **Templates:** Pages in `templates-hidden/` are not directly accessible but are used as layout templates +4. **Localization:** Some pages support internationalization (i18n) via `Helper.i18n()` +5. 
**Security:** Many pages require authentication via `AuthUser.loginFirst` or `Admin.loginFirst` +6. **OAuth Flow:** The OAuth authorization flow involves multiple pages: authorize → consent-screen → thanks +7. **Consent Types:** Different consent screens for different standards (Berlin Group, VRP, generic OAuth) +8. **Password Reset:** The password reset flow is handled dynamically by Lift's user management system, not static HTML files + - Lost password form: `/user_mgt/lost_password` + - Reset password form: `/user_mgt/reset_password/{TOKEN}` + - Implementation in: `code/model/dataAccess/AuthUser.scala` + +--- + +## Related Files + +- **Boot Configuration:** `obp-api/src/main/scala/bootstrap/liftweb/Boot.scala` +- **Menu Helpers:** Various classes in `code` package +- **Templates:** Lift framework `templates-hidden` directory +- **Static Resources:** JavaScript, CSS, and images in `webapp` directory +- **User Management:** `obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala` (password reset, validation) +- **Password Reset API:** `obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala` (resetPasswordUrl endpoint) \ No newline at end of file
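Review bot: In the Consent Management, User Information, User Authentication Context and Debug Pages entries, `/consents` ("View/manage consents"), `/user-information`, `/add-user-auth-context-update-request`, `/confirm-user-auth-context-update-request`, `/debug` and every `/debug/*` page are marked "Authentication: Not required", and their Route lines show no `>> AuthUser.loginFirst` guard, but the document never says whether that is intended. For each of these, please state whether access control is enforced somewhere other than the SiteMap (and where), or flag the entry as a route that needs a guard, so readers do not take "Not required" as a reviewed decision. The Authentication Guards section and Notes item 5 also mention `>> Admin.loginFirst`, yet no route listed here uses it; either list the admin-guarded routes or drop the mention. Separately, the Summary Statistics do not match the entries above them: "Debug Pages: 9" against 8 debug entries, "Authenticated Pages: 13" against 10 routes carrying `>> AuthUser.loginFirst`, and "Legal & Information: 4 pages" against 2 listed, so the counts should be recomputed or removed. The "(line 30)" and "(line 31)" references under "Links from" will go stale as the templates change, and the file ends without a trailing newline.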