Don't rate limit null pin submissions

src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java

@@ -175,13 +175,18 @@ public class AccountController {
           System.currentTimeMillis() - existingAccount.get().getLastSeen() < TimeUnit.DAYS.toMillis(7))
       {
         rateLimiters.getVerifyLimiter().clear(number);
-        rateLimiters.getPinLimiter().validate(number);
 
-        if (accountAttributes.getPin() == null ||
-            !MessageDigest.isEqual(existingAccount.get().getPin().get().getBytes(), accountAttributes.getPin().getBytes()))
-        {
         long timeRemaining = TimeUnit.DAYS.toMillis(7) - (System.currentTimeMillis() - existingAccount.get().getLastSeen());
 
+        if (accountAttributes.getPin() == null) {
+          throw new WebApplicationException(Response.status(423)
+                                                    .entity(new RegistrationLockFailure(timeRemaining))
+                                                    .build());
+        }
+
+        rateLimiters.getPinLimiter().validate(number);
+
+        if (!MessageDigest.isEqual(existingAccount.get().getPin().get().getBytes(), accountAttributes.getPin().getBytes())) {
           throw new WebApplicationException(Response.status(423)
                                                     .entity(new RegistrationLockFailure(timeRemaining))
                                                     .build());

src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java

@@ -213,7 +213,7 @@ public class AccountControllerTest {
 
     RegistrationLockFailure failure = response.readEntity(RegistrationLockFailure.class);
 
-    verify(pinLimiter).validate(eq(SENDER_PIN));
+    verifyNoMoreInteractions(pinLimiter);
   }
 
   @Test