feat(i18n): add default message fallbacks for missing translations

Improve i18n handling by providing sensible default messages when
translations are missing. This prevents raw message keys from being
displayed to users when message bundles are incomplete.

Changes:
- UserAPI: Add default messages to all getMessage() calls
- UserActionController: Use getValue() instead of name()/toString()
  for consistent message key generation from TokenValidationResult
- GlobalMessageControllerAdvice: Use messageKey as fallback when
  no translation is found

Author: devondragon

src/main/java/com/digitalsanctuary/spring/user/api/UserAPI.java

@@ -162,7 +162,7 @@ public ResponseEntity<JSONResponse> updateUserAccount(@AuthenticationPrincipal D
 
 		logAuditEvent("ProfileUpdate", "Success", "User profile updated", user, request);
 
-		return buildSuccessResponse(messages.getMessage("message.update-user.success", null, locale), null);
+		return buildSuccessResponse(messages.getMessage("message.update-user.success", null, "Profile updated successfully", locale), null);
 	}
 
 	/**
@@ -206,7 +206,7 @@ public ResponseEntity<JSONResponse> savePassword(@Valid @RequestBody SavePasswor
 			// are not a concern. Constant-time comparison is only needed when comparing
 			// against stored credentials, which is handled by Spring's PasswordEncoder.
 			if (!savePasswordDto.getNewPassword().equals(savePasswordDto.getConfirmPassword())) {
-				return buildErrorResponse(messages.getMessage("message.password.mismatch", null, locale), 1,
+				return buildErrorResponse(messages.getMessage("message.password.mismatch", null, "Passwords do not match", locale), 1,
 						HttpStatus.BAD_REQUEST);
 			}
 
@@ -216,14 +216,14 @@ public ResponseEntity<JSONResponse> savePassword(@Valid @RequestBody SavePasswor
 
 			if (tokenResult != UserService.TokenValidationResult.VALID) {
 				String messageKey = "auth.message." + tokenResult.getValue();
-				return buildErrorResponse(messages.getMessage(messageKey, null, locale), 2, HttpStatus.BAD_REQUEST);
+				return buildErrorResponse(messages.getMessage(messageKey, null, "Invalid or expired token", locale), 2, HttpStatus.BAD_REQUEST);
 			}
 
 			// Get user by token
 			Optional<User> userOptional = userService.getUserByPasswordResetToken(savePasswordDto.getToken());
 
 			if (userOptional.isEmpty()) {
-				return buildErrorResponse(messages.getMessage("auth.message.invalid", null, locale), 3,
+				return buildErrorResponse(messages.getMessage("auth.message.invalid", null, "Invalid token", locale), 3,
 						HttpStatus.BAD_REQUEST);
 			}
 
@@ -246,7 +246,7 @@ public ResponseEntity<JSONResponse> savePassword(@Valid @RequestBody SavePasswor
 
 			logAuditEvent("PasswordReset", "Success", "Password reset completed", user, request);
 
-			return buildSuccessResponse(messages.getMessage("message.reset-password.success", null, locale),
+			return buildSuccessResponse(messages.getMessage("message.reset-password.success", null, "Password has been reset successfully", locale),
 					"/user/login.html");
 
 		} catch (Exception ex) {
@@ -298,10 +298,10 @@ public ResponseEntity<JSONResponse> updatePassword(@AuthenticationPrincipal DSUs
 			userService.changeUserPassword(user, passwordDto.getNewPassword());
 			logAuditEvent("PasswordUpdate", "Success", "User password updated", user, request);
 
-			return buildSuccessResponse(messages.getMessage("message.update-password.success", null, locale), null);
+			return buildSuccessResponse(messages.getMessage("message.update-password.success", null, "Password updated successfully", locale), null);
 		} catch (InvalidOldPasswordException ex) {
 			logAuditEvent("PasswordUpdate", "Failure", "Invalid old password", user, request);
-			return buildErrorResponse(messages.getMessage("message.update-password.invalid-old", null, locale), 1,
+			return buildErrorResponse(messages.getMessage("message.update-password.invalid-old", null, "Invalid old password", locale), 1,
 					HttpStatus.BAD_REQUEST);
 		} catch (Exception ex) {
 			log.error("Unexpected error during password update.", ex);

src/main/java/com/digitalsanctuary/spring/user/controller/UserActionController.java

@@ -92,7 +92,7 @@ public ModelAndView showChangePasswordPage(final HttpServletRequest request, fin
 			String redirectString = "redirect:" + forgotPasswordChangeURI;
 			return new ModelAndView(redirectString, model);
 		} else {
-			String messageKey = AUTH_MESSAGE_PREFIX + result.name().toLowerCase();
+			String messageKey = AUTH_MESSAGE_PREFIX + result.getValue();
 			model.addAttribute("messageKey", messageKey);
 			return new ModelAndView("redirect:/index.html", model);
 		}
@@ -137,7 +137,7 @@ public ModelAndView confirmRegistration(final HttpServletRequest request, final
 			return new ModelAndView(redirectString, model);
 		}
 
-		model.addAttribute("messageKey", AUTH_MESSAGE_PREFIX + result.toString());
+		model.addAttribute("messageKey", AUTH_MESSAGE_PREFIX + result.getValue());
 		model.addAttribute("expired", result == TokenValidationResult.EXPIRED);
 		model.addAttribute("token", token);
 		log.debug("UserAPI.confirmRegistration: failed.  Token not found or expired.");

src/main/java/com/digitalsanctuary/spring/user/web/GlobalMessageControllerAdvice.java

@@ -39,7 +39,8 @@ public void addMessageFromKey(WebRequest request, org.springframework.ui.Model m
         String messageKey = request.getParameter("messageKey");
         if (messageKey != null) {
             Locale locale = request.getLocale();
-            String message = messages.getMessage(messageKey, null, locale);
+            // Use the messageKey itself as the default if no translation is found
+            String message = messages.getMessage(messageKey, null, messageKey, locale);
             model.addAttribute("message", message);
         }
     }