diff --git a/core/modules/user/src/AccountForm.php b/core/modules/user/src/AccountForm.php
index 4881d9c..c51b78b 100644
--- a/core/modules/user/src/AccountForm.php
+++ b/core/modules/user/src/AccountForm.php
@@ -98,8 +98,7 @@ public function form(array $form, FormStateInterface $form_state) {
 '#default_value' => (!$register ? $account->getEmail() : ''),
 );
- // Only show name field on registration form or user can change own
- // username.
+ // Only show name field on registration form or user can change own username.
 $form['account']['name'] = array(
 '#type' => 'textfield',
 '#title' => $this->t('Username'),
@@ -314,9 +313,10 @@ public function syncUserLangcode($entity_type_id, UserInterface $user, array &$f
 public function buildEntity(array $form, FormStateInterface $form_state) {
 // Change the roles array to a list of enabled roles.
 // @todo: Alter the form state as the form values are directly extracted and
- // set on the field, which throws an exception as the list requires
- // numeric keys. Allow to override this per field. As this function is
- // called twice, we have to prevent it from getting the array keys twice.
+ // set on the field, which throws an exception as the list requires
+ // numeric keys. Allow to override this per field. As this function is
+ // called twice, we have to prevent it from getting the array keys twice.
+
 if (is_string(key($form_state->getValue('roles')))) {
 $form_state->setValue('roles', array_keys(array_filter($form_state->getValue('roles'))));
 }
@@ -355,7 +355,7 @@ protected function getEditedFieldNames(FormStateInterface $form_state) {
 'timezone',
 'langcode',
 'preferred_langcode',
- 'preferred_admin_langcode',
+ 'preferred_admin_langcode'
 ), parent::getEditedFieldNames($form_state));
 }
@@ -373,7 +373,7 @@ protected function flagViolations(EntityConstraintViolationListInterface $violat
 'timezone',
 'langcode',
 'preferred_langcode',
- 'preferred_admin_langcode',
+ 'preferred_admin_langcode'
 );
 foreach ($violations->getByFields($field_names) as $violation) {
 list($field_name) = explode('.', $violation->getPropertyPath(), 2);
@@ -396,7 +396,7 @@ public function submitForm(array &$form, FormStateInterface $form_state) {
 // Send a verification to the new email address.
 $account_cloned = clone $account;
 $account_cloned->setEmail($new_mail);
- if (_user_mail_notify('mail_change_verification', $account_cloned, NULL)) {
+ if (_user_mail_notify('mail_change_verification', $account_cloned)) {
 // Send notification email to the old email address.
 $account->setEmail($old_mail);
 _user_mail_notify('mail_change_notification', $account);
diff --git a/core/modules/user/src/AccountSettingsForm.php b/core/modules/user/src/AccountSettingsForm.php
index 46ad8d2..90cc974 100644
--- a/core/modules/user/src/AccountSettingsForm.php
+++ b/core/modules/user/src/AccountSettingsForm.php
@@ -109,8 +109,8 @@ public function buildForm(array $form, FormStateInterface $form_state) {
 '#title' => $this->t('Administrator role'),
 '#open' => TRUE,
 );
- // Do not allow users to set the anonymous or authenticated user roles as
- // the administrator role.
+ // Do not allow users to set the anonymous or authenticated user roles as the
+ // administrator role.
 $roles = user_role_names(TRUE);
 unset($roles[RoleInterface::AUTHENTICATED_ID]);
@@ -157,13 +157,13 @@ public function buildForm(array $form, FormStateInterface $form_state) {
 USER_REGISTER_ADMINISTRATORS_ONLY => $this->t('Administrators only'),
 USER_REGISTER_VISITORS => $this->t('Visitors'),
 USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL => $this->t('Visitors, but administrator approval is required'),
- ),
+ )
 );
 $form['registration_cancellation']['user_email_verification'] = array(
 '#type' => 'checkbox',
 '#title' => $this->t('Require email verification when a visitor creates an account'),
 '#default_value' => $config->get('verify_mail'),
- '#description' => $this->t('New users will be required to validate their email address prior to logging into the site, and will be assigned a system-generated password. With this setting disabled, users will be logged in immediately upon registering, and may select their own passwords during registration.'),
+ '#description' => $this->t('New users will be required to validate their email address prior to logging into the site, and will be assigned a system-generated password. With this setting disabled, users will be logged in immediately upon registering, and may select their own passwords during registration.')
 );
 $form['registration_cancellation']['user_password_strength'] = array(
 '#type' => 'checkbox',
@@ -174,13 +174,7 @@ public function buildForm(array $form, FormStateInterface $form_state) {
 '#type' => 'radios',
 '#title' => $this->t('When cancelling a user account'),
 '#default_value' => $config->get('cancel_method'),
- '#description' => $this->t('Users with the %select-cancel-method or %administer-users permissions can override this default method.',
- array(
- '%select-cancel-method' => $this->t('Select method for cancelling account'),
- '%administer-users' => $this->t('Administer users'),
- ':permissions-url' => $this->url('user.admin_permissions'),
- )
- ),
+ '#description' => $this->t('Users with the %select-cancel-method or %administer-users permissions can override this default method.', array('%select-cancel-method' => $this->t('Select method for cancelling account'), '%administer-users' => $this->t('Administer users'), ':permissions-url' => $this->url('user.admin_permissions'))),
 );
 $form['registration_cancellation']['user_cancel_method'] += user_cancel_methods();
 foreach (Element::children($form['registration_cancellation']['user_cancel_method']) as $key) {
@@ -225,7 +219,7 @@ public function buildForm(array $form, FormStateInterface $form_state) {
 $form['email_admin_created']['user_mail_register_admin_created_body'] = array(
 '#type' => 'textarea',
 '#title' => $this->t('Body'),
- '#default_value' => $mail_config->get('register_admin_created.body'),
+ '#default_value' => $mail_config->get('register_admin_created.body'),
 '#rows' => 15,
 );
diff --git a/core/modules/user/src/Controller/ChangeEmailController.php b/core/modules/user/src/Controller/ChangeEmailController.php
index fc59936..a422866 100644
--- a/core/modules/user/src/Controller/ChangeEmailController.php
+++ b/core/modules/user/src/Controller/ChangeEmailController.php
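Review bot: The replacement array on the new one-line `'#description'` still builds `':permissions-url' => $this->url('user.admin_permissions')`, but the translatable string only uses `%select-cancel-method` and `%administer-users`, so the URL is generated on every form build and never rendered. Drop that entry, or put the link into the string if the permission names were meant to point at the permissions page. Collapsing the call onto a single line also makes this kind of mismatch harder to spot than in the multi-line array it replaces. buildForm() starts and ends outside the hunk.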
@@ -36,7 +36,7 @@ class ChangeEmailController extends ControllerBase {
 * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
 * If the timestamp passed is in the future.
 */
- public function changeEmailPage($uid, $timestamp, $new_mail) {
+ public function page($uid, $timestamp, $new_mail) {
 /** @var \Drupal\user\UserInterface $account */
 $account = $this->entityTypeManager()->getStorage('user')->load($uid);
@@ -84,7 +84,7 @@ public function changeEmailPage($uid, $timestamp, $new_mail) {
 * A unique URL that provides a one-time email change confirmation for the
 * user.
 */
- public static function changeEmailUrl(UserInterface $account, array $options = [], $timestamp = REQUEST_TIME, $hash = NULL) {
+ public static function url(UserInterface $account, array $options = [], $timestamp = REQUEST_TIME, $hash = NULL) {
 $langcode = isset($options['langcode']) ? $options['langcode'] : $account->getPreferredLangcode();
 $hash = empty($hash) ? self::getHash($account, $timestamp) : $hash;
 $url_options = ['absolute' => TRUE, 'language' => \Drupal::getContainer()->get('language_manager')->getLanguage($langcode)];
@@ -111,6 +111,8 @@ public static function getHash(UserInterface $account, $timestamp) {
 $data = $timestamp;
 $data .= $account->id();
 $data .= $account->getEmail();
+ $data .= $account->getCreatedTime();
+ $data .= $account->getInitEmail();
 return Crypt::hmacBase64($data, Settings::getHashSalt() . $account->getPassword());
 }
@@ -129,7 +131,7 @@ public static function getHash(UserInterface $account, $timestamp) {
 * @return \Drupal\Core\Access\AccessResultInterface
 * An access result
 */
- public function changeEmailAccess($uid, $timestamp, $hash, $new_mail) {
+ public function access($uid, $timestamp, $hash, $new_mail) {
 /** @var \Drupal\user\UserInterface $account */
 $account = $this->entityTypeManager()->getStorage('user')->load($uid);
 $account->setEmail($new_mail);
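Review bot: Renaming `changeEmailUrl()` to a public static `url()` risks a clash with a helper inherited from `ControllerBase`. AccountSettingsForm in this same patch calls `$this->url('user.admin_permissions')`, so an instance-level `url()` helper exists on the form base class and plausibly on controllers too, and PHP refuses to redeclare an inherited instance method as static. ControllerBase is not shown here, so confirm this before merging; the same check applies to the generic `page()` and `access()` names in the neighbouring hunks. If there is a clash, keep the descriptive names, which are also easier to find from the route definitions.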
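Review bot: The two added fields are appended to `$data` with no separator, like the three before them, so the HMAC input is ambiguous: the email is followed directly by the numeric created time and the timestamp directly by the numeric uid, which lets different field combinations serialize to the same string. Joining with a delimiter that cannot occur in any field removes that, e.g. `$data = implode("\0", [$timestamp, $account->id(), $account->getEmail(), $account->getCreatedTime(), $account->getInitEmail()]);`. Both new values are also fixed for the lifetime of the account, so they do not make a link stop validating once it has been used; if the "one-time" behaviour promised in the `url()` docblock depends on the hash, it has to come from a value that changes on use. Changing the input format invalidates links already sent, which is worth stating in the change record. The function signature is visible only in the hunk header.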
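Review bot: `load($uid)` returns NULL when no user has that id, and `access()` calls `$account->setEmail($new_mail)` on the result on the very next line, so a request whose `{uid}` does not exist ends in a PHP fatal error inside the access check instead of a denial. Guard it first with `if (!$account) { return AccessResult::forbidden(); }` (assuming `AccessResult` is imported; the use statements are outside the hunk). The check also mutates the loaded entity, whereas submitForm() in this patch clones the account before calling `setEmail()`; working on `clone $account` here keeps the access callback from altering an object that later code in the same request may load again. The rest of the method body is outside the hunk.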
diff --git a/core/modules/user/src/Tests/UserTokenReplaceTest.php b/core/modules/user/src/Tests/UserTokenReplaceTest.php
index 32cad7a..25f6ed7 100644
--- a/core/modules/user/src/Tests/UserTokenReplaceTest.php
+++ b/core/modules/user/src/Tests/UserTokenReplaceTest.php
@@ -135,7 +135,7 @@ function testUserTokenReplacement() {
 // Generate login and cancel link.
 $tests = array();
 $tests['[user:one-time-login-url]'] = user_pass_reset_url($account);
- $tests['[user:mail-change-login-url]'] = ChangeEmailController::changeEmailUrl($account)->toString();
+ $tests['[user:mail-change-login-url]'] = ChangeEmailController::url($account)->toString();
 $tests['[user:cancel-url]'] = user_cancel_url($account);
 // Generate tokens with interface language.
diff --git a/core/modules/user/user.install b/core/modules/user/user.install
index ad523f8..121f262 100644
--- a/core/modules/user/user.install
+++ b/core/modules/user/user.install
@@ -88,7 +88,6 @@ function user_install() {
 ->save();
 }
-
 /**
 * Updates config for change mail notifications.
 */
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index f58b3d4..bcf7997 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -578,12 +578,13 @@ function user_user_logout($account) {
 * they can change their password.
 */
 function user_pass_reset_url($account, $options = array()) {
+ $timestamp = REQUEST_TIME;
 $langcode = isset($options['langcode']) ? $options['langcode'] : $account->getPreferredLangcode();
 return \Drupal::url('user.reset',
 array(
 'uid' => $account->id(),
- 'timestamp' => REQUEST_TIME,
- 'hash' => user_pass_rehash($account, REQUEST_TIME),
+ 'timestamp' => $timestamp,
+ 'hash' => user_pass_rehash($account, $timestamp),
 ),
 array(
 'absolute' => TRUE,
@@ -948,7 +949,7 @@ function user_mail($key, &$message, $params) {
 function user_mail_tokens(&$replacements, $data, $options) {
 if (isset($data['user'])) {
 $replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user'], $options);
- $replacements['[user:mail-change-login-url]'] = ChangeEmailController::changeEmailUrl($data['user'], $options)->toString();
+ $replacements['[user:mail-change-login-url]'] = ChangeEmailController::url($data['user'], $options)->toString();
 $replacements['[user:cancel-url]'] = user_cancel_url($data['user'], $options);
 }
 }
diff --git a/core/modules/user/user.routing.yml b/core/modules/user/user.routing.yml
index 2654a26..25b27d2 100644
--- a/core/modules/user/user.routing.yml
+++ b/core/modules/user/user.routing.yml
@@ -154,10 +154,10 @@ user.reset:
 user.change_email:
 path: '/user/change-mail/{uid}/{timestamp}/{new_mail}/{hash}'
 defaults:
- _controller: '\Drupal\user\Controller\ChangeEmailController::changeEmailPage'
+ _controller: '\Drupal\user\Controller\ChangeEmailController::page'
 _title: 'Change email address'
 requirements:
- _custom_access: '\Drupal\user\Controller\ChangeEmailController::changeEmailAccess'
+ _custom_access: '\Drupal\user\Controller\ChangeEmailController::access'
 options:
 _maintenance_access: TRUE
 no_cache: TRUE