diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java
index 675ab96559..b9ef19e6e6 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java
@@ -26,6 +26,7 @@ import com.google.gerrit.extensions.restapi.RestModifyView;
 import com.google.gerrit.reviewdb.client.AuthType;
 import com.google.gerrit.reviewdb.client.Account.FieldName;
 import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.account.CreateEmail.Input;
 import com.google.gerrit.server.account.GetEmails.EmailInfo;
 import com.google.gerrit.server.config.AuthConfig;
@@ -87,36 +88,43 @@ public class CreateEmail implements RestModifyView<AccountResource, Input> {
       throw new AuthException("not allowed to add email address");
     }
 
-    if (!realm.allowsEdit(FieldName.REGISTER_NEW_EMAIL)) {
-      throw new MethodNotAllowedException("realm does not allow adding emails");
-    }
-
     if (input == null) {
       input = new Input();
     }
 
-    if (input.email != null && !email.equals(input.email)) {
-      throw new BadRequestException("email address must match URL");
-    }
-
     if (input.noConfirmation
         && !self.get().getCapabilities().canAdministrateServer()) {
       throw new AuthException("must be administrator to use no_confirmation");
     }
 
+    return apply(rsrc.getUser(), input);
+  }
+
+  public Response<EmailInfo> apply(IdentifiedUser user, Input input)
+      throws AuthException, BadRequestException, ResourceConflictException,
+      ResourceNotFoundException, OrmException, EmailException,
+      MethodNotAllowedException {
+    if (!realm.allowsEdit(FieldName.REGISTER_NEW_EMAIL)) {
+      throw new MethodNotAllowedException("realm does not allow adding emails");
+    }
+
+    if (input.email != null && !email.equals(input.email)) {
+      throw new BadRequestException("email address must match URL");
+    }
+
     EmailInfo info = new EmailInfo();
     info.email = email;
     if (input.noConfirmation
         || authConfig.getAuthType() == AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT) {
       try {
-        accountManager.link(rsrc.getUser().getAccountId(),
+        accountManager.link(user.getAccountId(),
             AuthRequest.forEmail(email));
       } catch (AccountException e) {
         throw new ResourceConflictException(e.getMessage());
       }
       if (input.preferred) {
         putPreferredProvider.get().apply(
-            new AccountResource.Email(rsrc.getUser(), email),
+            new AccountResource.Email(user, email),
             null);
         info.preferred = true;
       }
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java
index b38c49b315..5e0597b3aa 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java
@@ -24,6 +24,7 @@ import com.google.gerrit.reviewdb.client.Account.FieldName;
 import com.google.gerrit.reviewdb.client.AccountExternalId;
 import com.google.gerrit.reviewdb.server.ReviewDb;
 import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.account.DeleteEmail.Input;
 import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
@@ -55,18 +56,24 @@ public class DeleteEmail implements RestModifyView<AccountResource.Email, Input>
         && !self.get().getCapabilities().canAdministrateServer()) {
       throw new AuthException("not allowed to delete email address");
     }
+    return apply(rsrc.getUser(), rsrc.getEmail());
+  }
+
+  public Response<?> apply(IdentifiedUser user, String email)
+      throws ResourceNotFoundException, ResourceConflictException,
+      MethodNotAllowedException, OrmException {
     if (!realm.allowsEdit(FieldName.REGISTER_NEW_EMAIL)) {
       throw new MethodNotAllowedException("realm does not allow deleting emails");
     }
     AccountExternalId.Key key = new AccountExternalId.Key(
-        AccountExternalId.SCHEME_MAILTO, rsrc.getEmail());
+        AccountExternalId.SCHEME_MAILTO, email);
     AccountExternalId extId = dbProvider.get().accountExternalIds().get(key);
     if (extId == null) {
-      throw new ResourceNotFoundException(rsrc.getEmail());
+      throw new ResourceNotFoundException(email);
     }
     try {
-      accountManager.unlink(rsrc.getUser().getAccountId(),
-          AuthRequest.forEmail(rsrc.getEmail()));
+      accountManager.unlink(user.getAccountId(),
+          AuthRequest.forEmail(email));
     } catch (AccountException e) {
       throw new ResourceConflictException(e.getMessage());
     }
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetSshKeys.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetSshKeys.java
index f198b77cba..8c878d758b 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetSshKeys.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetSshKeys.java
@@ -21,6 +21,7 @@ import com.google.gerrit.extensions.restapi.RestReadView;
 import com.google.gerrit.reviewdb.client.AccountSshKey;
 import com.google.gerrit.reviewdb.server.ReviewDb;
 import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.IdentifiedUser;
 import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
@@ -45,10 +46,13 @@ public class GetSshKeys implements RestReadView<AccountResource> {
         && !self.get().getCapabilities().canAdministrateServer()) {
       throw new AuthException("not allowed to get SSH keys");
     }
+    return apply(rsrc.getUser());
+  }
 
+  public List<SshKeyInfo> apply(IdentifiedUser user) throws OrmException {
     List<SshKeyInfo> sshKeys = Lists.newArrayList();
     for (AccountSshKey sshKey : dbProvider.get().accountSshKeys()
-        .byAccount(rsrc.getUser().getAccountId()).toList()) {
+        .byAccount(user.getAccountId()).toList()) {
       sshKeys.add(new SshKeyInfo(sshKey));
     }
     return sshKeys;
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
index 0601b8d101..f7061e3738 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
@@ -25,6 +25,7 @@ import com.google.gerrit.extensions.restapi.RestModifyView;
 import com.google.gerrit.reviewdb.client.AccountExternalId;
 import com.google.gerrit.reviewdb.server.ReviewDb;
 import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.account.PutHttpPassword.Input;
 import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
@@ -94,21 +95,24 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> {
       }
       newPassword = input.httpPassword;
     }
+    return apply(rsrc.getUser(), newPassword);
+  }
 
-    if (rsrc.getUser().getUserName() == null) {
+  public Response<String> apply(IdentifiedUser user, String newPassword)
+      throws ResourceNotFoundException, ResourceConflictException, OrmException {
+    if (user.getUserName() == null) {
       throw new ResourceConflictException("username must be set");
     }
 
     AccountExternalId id = dbProvider.get().accountExternalIds()
         .get(new AccountExternalId.Key(
-            SCHEME_USERNAME,
-            rsrc.getUser().getUserName()));
+            SCHEME_USERNAME, user.getUserName()));
     if (id == null) {
       throw new ResourceNotFoundException();
     }
     id.setPassword(newPassword);
     dbProvider.get().accountExternalIds().update(Collections.singleton(id));
-    accountCache.evict(rsrc.getUser().getAccountId());
+    accountCache.evict(user.getAccountId());
 
     return Strings.isNullOrEmpty(newPassword)
         ? Response.<String>none()
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java
index 50497c7218..6f3c032da4 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java
@@ -25,6 +25,7 @@ import com.google.gerrit.reviewdb.client.Account;
 import com.google.gerrit.reviewdb.client.Account.FieldName;
 import com.google.gerrit.reviewdb.server.ReviewDb;
 import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.account.PutName.Input;
 import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
@@ -60,7 +61,11 @@ public class PutName implements RestModifyView<AccountResource, Input> {
         && !self.get().getCapabilities().canAdministrateServer()) {
       throw new AuthException("not allowed to change name");
     }
+    return apply(rsrc.getUser(), input);
+  }
 
+  public Response<String> apply(IdentifiedUser user, Input input)
+      throws MethodNotAllowedException, ResourceNotFoundException, OrmException {
     if (!realm.allowsEdit(FieldName.FULL_NAME)) {
       throw new MethodNotAllowedException("realm does not allow editing name");
     }
@@ -69,7 +74,7 @@ public class PutName implements RestModifyView<AccountResource, Input> {
       input = new Input();
     }
 
-    Account a = dbProvider.get().accounts().get(rsrc.getUser().getAccountId());
+    Account a = dbProvider.get().accounts().get(user.getAccountId());
     if (a == null) {
       throw new ResourceNotFoundException("account not found");
     }
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutPreferred.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutPreferred.java
index d81f3613f5..8fc2e6cbfe 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutPreferred.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutPreferred.java
@@ -21,6 +21,7 @@ import com.google.gerrit.extensions.restapi.RestModifyView;
 import com.google.gerrit.reviewdb.client.Account;
 import com.google.gerrit.reviewdb.server.ReviewDb;
 import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.account.PutPreferred.Input;
 import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
@@ -52,15 +53,19 @@ public class PutPreferred implements
         && !self.get().getCapabilities().canAdministrateServer()) {
       throw new AuthException("not allowed to set preferred email address");
     }
+    return apply(rsrc.getUser(), rsrc.getEmail());
+  }
 
-    Account a = dbProvider.get().accounts().get(rsrc.getUser().getAccountId());
+  public Response<String> apply(IdentifiedUser user, String email)
+      throws ResourceNotFoundException, OrmException {
+    Account a = dbProvider.get().accounts().get(user.getAccountId());
     if (a == null) {
       throw new ResourceNotFoundException("account not found");
     }
-    if (rsrc.getEmail().equals(a.getPreferredEmail())) {
+    if (email.equals(a.getPreferredEmail())) {
       return Response.ok("");
     }
-    a.setPreferredEmail(rsrc.getEmail());
+    a.setPreferredEmail(email);
     dbProvider.get().accounts().update(Collections.singleton(a));
     byIdCache.evict(a.getId());
     return Response.created("");