@Timed @PUT @Consumes(MediaType.APPLICATION_JSON) @Path("/code/{verification_code}") public void verifyAccount( @PathParam("verification_code") String verificationCode, @HeaderParam("Authorization") String authorizationHeader, @Valid AccountAttributes accountAttributes) throws RateLimitExceededException { try { AuthorizationHeader header = AuthorizationHeader.fromFullHeader(authorizationHeader); String number = header.getNumber(); String password = header.getPassword(); rateLimiters.getVerifyLimiter().validate(number); Optional<String> storedVerificationCode = pendingAccounts.getCodeForNumber(number); if (!storedVerificationCode.isPresent() || !verificationCode.equals(storedVerificationCode.get())) { throw new WebApplicationException(Response.status(403).build()); } Device device = new Device(); device.setId(Device.MASTER_ID); device.setAuthenticationCredentials(new AuthenticationCredentials(password)); device.setSignalingKey(accountAttributes.getSignalingKey()); device.setFetchesMessages(accountAttributes.getFetchesMessages()); device.setRegistrationId(accountAttributes.getRegistrationId()); Account account = new Account(); account.setNumber(number); account.setSupportsSms(accountAttributes.getSupportsSms()); account.addDevice(device); accounts.create(account); pendingAccounts.remove(number); logger.debug("Stored device..."); } catch (InvalidAuthorizationHeaderException e) { logger.info("Bad Authorization Header", e); throw new WebApplicationException(Response.status(401).build()); } }