diff --git a/core/modules/rest/src/Plugin/rest/resource/UserLoginResource.php b/core/modules/rest/src/Plugin/rest/resource/UserLoginResource.php
index cdad5ea..14dadbf 100644
--- a/core/modules/rest/src/Plugin/rest/resource/UserLoginResource.php
+++ b/core/modules/rest/src/Plugin/rest/resource/UserLoginResource.php
@@ -46,11 +46,14 @@ public function post(array $operation = array()) { if (!empty($operation['credentials'])) { return $this->login($operation['credentials']); } - return new ResourceResponse('credentials.', 400, array()); + return new ResourceResponse('Missing credentials.', 400, array()); case 'logout': return $this->logout(); + default: + return new ResourceResponse('Unsupported op.', 400, array()); + } }
diff --git a/core/modules/rest/src/RequestHandler.php b/core/modules/rest/src/RequestHandler.php
index d7b3280..4fd9fd8 100644
--- a/core/modules/rest/src/RequestHandler.php
+++ b/core/modules/rest/src/RequestHandler.php
@@ -59,7 +59,7 @@ public function handle(RouteMatchInterface $route_match, Request $request) { $method_settings = $config[$plugin][$request->getMethod()]; if (empty($method_settings['supported_formats']) || in_array($format, $method_settings['supported_formats'])) { $definition = $resource->getPluginDefinition(); - $class = $definition['serialization_class']; + $class = isset($definition['serialization_class']) ? $definition['serialization_class'] : NULL; try { if ($class) { $unserialized = $serializer->deserialize($received, $class, $format, array('request_method' => $method));
diff --git a/core/modules/rest/src/Tests/RESTTestBase.php b/core/modules/rest/src/Tests/RESTTestBase.php
index ff382d5..edddae2 100644
--- a/core/modules/rest/src/Tests/RESTTestBase.php
+++ b/core/modules/rest/src/Tests/RESTTestBase.php
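Review bot: The `login` branch shown as context in the UserLoginResource hunk still forwards any non-empty `credentials` value to `login()`, so a scalar such as a JSON string passes the `!empty()` test. Since this change is tidying the 400 responses, the guard could reject non-arrays with `if (!empty($operation['credentials']) && is_array($operation['credentials'])) {`. Whether `login()` copes with a non-array is not visible in this hunk. The `switch` header is also outside the hunk, so it cannot be confirmed from here that a body with no `op` key reaches the new `default:` branch without an undefined-index notice.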
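Review bot: With `$class` now allowed to be `NULL` in `RequestHandler::handle()`, the `if ($class)` branch is skipped and the request body is never passed through `deserialize()` for resources that declare no `serialization_class`. What those resources receive instead is decided outside this hunk. That contract deserves a comment at the assignment, e.g. `// No serialization_class: the body is not denormalized into a typed object, so the resource plugin must validate its input itself.` The context line's `in_array($format, $method_settings['supported_formats'])` compares loosely; passing `TRUE` as the third argument would make the format check strict.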
@@ -77,7 +77,7 @@ protected function setUp() { * @return string * The content returned from the request. */ - protected function httpRequest($url, $method, $body = NULL, $mime_type = NULL) { + protected function httpRequest($url, $method, $body = NULL, $mime_type = NULL, $request_headers = []) { if (!isset($mime_type)) { $mime_type = $this->defaultMimeType; }
@@ -107,10 +107,11 @@ protected function httpRequest($url, $method, $body = NULL, $mime_type = NULL) { CURLOPT_POSTFIELDS => $body, CURLOPT_URL => $url, CURLOPT_NOBODY => FALSE, - CURLOPT_HTTPHEADER => array( + CURLOPT_HTTPHEADER => array_merge( + array( 'Content-Type: ' . $mime_type, 'X-CSRF-Token: ' . $token, - ), + ), $request_headers), ); break;
@@ -162,6 +163,9 @@ protected function httpRequest($url, $method, $body = NULL, $mime_type = NULL) { $this->verbose($method . ' request to: ' . $url . '
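Review bot: The new `$request_headers` parameter of `httpRequest()` gets no `@param` entry; the docblock tail shown as context in the first hunk is unchanged. The `array_merge()` in the second hunk (`-107,10`) applies it only to the cURL option set edited there. If the other request-method branches, which lie outside these hunks, build their own `CURLOPT_HTTPHEADER`, headers passed for those methods are silently dropped. I would add `@param array $request_headers` described as "(optional) Additional raw header lines, appended after Content-Type and X-CSRF-Token" and state which methods honour it. The default `[]` also mixes short array syntax into a signature and file that otherwise use `array()`.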
Code: ' . curl_getinfo($this->curlHandle, CURLINFO_HTTP_CODE) . + '
Request headers: ' . nl2br(print_r($curl_options[CURLOPT_HTTPHEADER], TRUE)) . + '
Extra headers: ' . nl2br(print_r($request_headers, TRUE)) . + '
Request body: ' . nl2br(print_r($body, TRUE)) . '
Response headers: ' . nl2br(print_r($headers, TRUE)) . '
Response body: ' . $response);
diff --git a/core/modules/rest/src/Tests/UserTest.php b/core/modules/rest/src/Tests/UserTest.php
index b928677..3bf00e7 100644
--- a/core/modules/rest/src/Tests/UserTest.php
+++ b/core/modules/rest/src/Tests/UserTest.php
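Review bot: The added "Request headers" and "Extra headers" lines in the `verbose()` call write the full header list into the test output, which now includes the `Authorization: Basic …` value (base64 of `name:pass`, as built in UserTest) and the `X-CSRF-Token`. Verbose test output is commonly kept as a CI artifact, so these values should be masked before printing, for example by mapping each header through `preg_replace('/^(Authorization|X-CSRF-Token):.*/i', '$1: [redacted]', $h)`. "Extra headers" repeats entries already present in the merged list and could be dropped. `$curl_options[CURLOPT_HTTPHEADER]` may also be unset for request methods whose option array, outside this hunk, defines no headers, so an `isset()` guard is worth adding.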
@@ -27,27 +27,78 @@ class UserTest extends RESTTestBase { * Tests login, status, logout. */ public function testLogin() { + $this->defaultAuth = array('basic_auth'); + $this->enableService('user_login', 'POST'); - $account = $this->drupalCreateUser(); + $permissions[] = 'restful post user_login'; + $account = $this->drupalCreateUser($permissions); + + $name = $account->getUsername(); + $pass = $account->pass_raw; - $payload = array( - 'op' => 'login', - 'credentials' => array( - 'name' => $account->getUsername(), - 'pass' => $account->pass_raw, - ), - ); + $basic_auth = ['Authorization: Basic ' . base64_encode("$name:$pass")]; - $this->httpRequest('user_login', 'POST', json_encode($payload), $this->defaultMimeType); + $payload = $this->getPayload('login', $name, $pass); + $this->httpRequest('user_login', 'POST', json_encode($payload), $this->defaultMimeType, $basic_auth); $this->assertResponse('200', 'Successfully logged into Drupal.'); - $payload = array( - 'op' => 'logout', - ); + $payload = $this->getPayload('login'); + $this->httpRequest('user_login', 'POST', json_encode($payload), $this->defaultMimeType, $basic_auth); + $this->assertResponse('400', 'Missing credentials.'); + + $payload = $this->getPayload('login', $name); + $this->httpRequest('user_login', 'POST', json_encode($payload), $this->defaultMimeType, $basic_auth); + $this->assertResponse('400', 'Missing credentials.name.'); + + $payload = $this->getPayload('login', NULL, $pass); + $this->httpRequest('user_login', 'POST', json_encode($payload), $this->defaultMimeType, $basic_auth); + $this->assertResponse('400', 'Missing credentials.pass.'); + + $payload = $this->getPayload('login', $name, 'garbage'); + $this->httpRequest('user_login', 'POST', json_encode($payload), $this->defaultMimeType, $basic_auth); + $this->assertResponse('400', 'Sorry, unrecognized username or password.'); + + $payload = $this->getPayload('login', 'garbage', $pass); + $this->httpRequest('user_login', 'POST', 
json_encode($payload), $this->defaultMimeType, $basic_auth); + $this->assertResponse('400', 'Sorry, unrecognized username or password.'); + + $payload = $this->getPayload('status'); + $this->httpRequest('user_login', 'POST', json_encode($payload), $this->defaultMimeType, $basic_auth); + $this->assertResponse('200', 'You are not logged in.'); + + $payload = $this->getPayload('garbage'); + $this->httpRequest('user_login', 'POST', json_encode($payload), $this->defaultMimeType, $basic_auth); + $this->assertResponse('400', 'Unsupported op.'); - $this->httpRequest('user_login', 'POST', json_encode($payload), $this->defaultMimeType); - $this->assertResponse('200', 'Successfully logged out from Drupal.'); + $payload = $this->getPayload('logout'); + //$this->httpRequest('user_login', 'POST', json_encode($payload), $this->defaultMimeType); + $this->assertResponse('200', 'Successfully logged out from Drupal.', $basic_auth); + + } + + /** + * Helper function to build the payload. + * + * @param string $op + * @param string|null $user + * @param string|null $pass + * @return array + * + * @see UserLoginResource.php + */ + private function getPayload( $op, $name = NULL, $pass = NULL) { + $result = array('op' => $op); + if ($op == 'login') { + $result['credentials'] = array(); + if (isset($name)) { + $result['credentials']['name'] = $name; + } + if (isset($pass)) { + $result['credentials']['pass'] = $pass; + } + } + return $result; } }
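Review bot: The logout step at the end of `testLogin()` never sends a request, because its `httpRequest()` call is commented out. `assertResponse('200', 'Successfully logged out from Drupal.', $basic_auth)` is therefore presumably checked against the response to the preceding "garbage" op request, and `$basic_auth` is handed to the assertion instead of the request. Restore it as `$this->httpRequest('user_login', 'POST', json_encode($payload), $this->defaultMimeType, $basic_auth);` followed by `$this->assertResponse('200', 'Successfully logged out from Drupal.');`. Every negative case also carries a valid Basic `Authorization` header for the same account, so the test does not show what an unauthenticated client receives for bad credentials; at least one case without `$basic_auth` would cover that. In the `getPayload()` docblock, `@param string|null $user` should read `$name` to match the signature.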