diff --git a/core/includes/install.core.inc b/core/includes/install.core.inc
index f798392..8f8cab4 100644
--- a/core/includes/install.core.inc
+++ b/core/includes/install.core.inc
@@ -2490,8 +2490,8 @@ function install_configure_form_submit($form, &$form_state) {
   $account->name = $form_state['values']['account']['name'];
   $account->save();
   // Load global $user and perform final login tasks.
-  $user = user_load(1);
-  user_login_finalize();
+  $account = user_load(1);
+  user_login_finalize($account);
 
   // Record when this install ran.
   variable_set('install_time', $_SERVER['REQUEST_TIME']);
diff --git a/core/modules/user/lib/Drupal/user/Controller/UserController.php b/core/modules/user/lib/Drupal/user/Controller/UserController.php
index 90c6bdf..f663bb9 100644
--- a/core/modules/user/lib/Drupal/user/Controller/UserController.php
+++ b/core/modules/user/lib/Drupal/user/Controller/UserController.php
@@ -7,6 +7,7 @@
 
 namespace Drupal\user\Controller;
 
+use Drupal\user\Form\UserLoginForm;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 
@@ -21,19 +22,22 @@ class UserController {
    * Displays user profile if user is logged in, or login form for anonymous
    * users.
    *
+   * @param \Symfony\Component\HttpFoundation\Request $request
+   *   The request object.
+   *
    * @return \Symfony\Component\HttpFoundation\RedirectResponse|array
    *   Returns either a redirect to the user page or the render
    *   array of the login form.
    */
-  public function userPage() {
+  public function userPage(Request $request) {
     global $user;
     if ($user->uid) {
-      $url = 'user/' . $user->uid;
+      $response = new RedirectResponse(url('user/' . $user->uid, array('absolute' => TRUE)));
     }
     else {
-      $url = 'user/login';
+      $response = drupal_get_form(UserLoginForm::create(\Drupal::getContainer()), $request);
     }
-    return new RedirectResponse(url($url, array('absolute' => TRUE)));
+    return $response;
   }
 
   /**
diff --git a/core/modules/user/lib/Drupal/user/Form/UserLoginForm.php b/core/modules/user/lib/Drupal/user/Form/UserLoginForm.php
index 4535fc1..923d983 100644
--- a/core/modules/user/lib/Drupal/user/Form/UserLoginForm.php
+++ b/core/modules/user/lib/Drupal/user/Form/UserLoginForm.php
@@ -111,11 +111,10 @@ public function validateForm(array &$form, array &$form_state) {
    * {@inheritdoc}
    */
   public function submitForm(array &$form, array &$form_state) {
-    global $user;
-    $user = user_load($form_state['uid']);
-    $form_state['redirect'] = 'user/' . $user->uid;
+    $account = user_load($form_state['uid']);
+    $form_state['redirect'] = 'user/' . $account->uid;
 
-    user_login_finalize($form_state);
+    user_login_finalize($account);
   }
 
   /**
diff --git a/core/modules/user/lib/Drupal/user/RegisterFormController.php b/core/modules/user/lib/Drupal/user/RegisterFormController.php
index ceecd65..e4524b4 100644
--- a/core/modules/user/lib/Drupal/user/RegisterFormController.php
+++ b/core/modules/user/lib/Drupal/user/RegisterFormController.php
@@ -118,8 +118,7 @@ public function save(array $form, array &$form_state) {
     // No e-mail verification required; log in user immediately.
     elseif (!$admin && !config('user.settings')->get('verify_mail') && $account->status) {
       _user_mail_notify('register_no_approval_required', $account);
-      $form_state['uid'] = $account->uid;
-      user_login_form_submit(array(), $form_state);
+      user_login_finalize($account);
       drupal_set_message(t('Registration successful. You are now logged in.'));
       $form_state['redirect'] = '';
     }
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 1fd6b49..19f705a 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -1213,13 +1213,14 @@ function user_authenticate($name, $password) {
  * The function records a watchdog message about the new session, saves the
  * login timestamp, calls hook_user_login(), and generates a new session.
  *
- * @param array $edit
- *   The array of form values submitted by the user.
+ * @param \Drupal\Core\Session\AccountInterface $account
+ *   The account to log in.
  *
  * @see hook_user_login()
  */
-function user_login_finalize(&$edit = array()) {
+function user_login_finalize(AccountInterface $account) {
   global $user;
+  $user = $account;
   watchdog('user', 'Session opened for %name.', array('%name' => $user->name));
   // Update the user table timestamp noting user has logged in.
   // This is also used to invalidate one-time login links.
diff --git a/core/modules/user/user.pages.inc b/core/modules/user/user.pages.inc
index ffd16eb..d98041a 100644
--- a/core/modules/user/user.pages.inc
+++ b/core/modules/user/user.pages.inc
@@ -130,10 +130,9 @@ function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $a
         // First stage is a confirmation form, then login
         if ($action == 'login') {
           // Set the new user.
-          $user = $account;
           // user_login_finalize() also updates the login timestamp of the
           // user, which invalidates further use of the one-time login link.
-          user_login_finalize();
+          user_login_finalize($account);
           watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp));
           drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.'));
           // Let the user's password be changed without the current password check.