From 28aac19db942c05b401cd425fb8259ff6d40d218 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Berk=20Demirk=C4=B1r?=
Date: Mon, 2 Jan 2017 21:03:10 +0200
Subject: [PATCH 1/3] Check primary email address fields on CreateUser

As this check wasn't available, uid=1 (and possibly guests too, if registration is open) is able to register new users with existing email addresses. This leads to numerous 500 errors.
---
 models/user.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/models/user.go b/models/user.go
index 9f19b1c84ed9..5bab100f4265 100644
--- a/models/user.go
+++ b/models/user.go
@@ -598,6 +598,15 @@ func CreateUser(u *User) (err error) {
 } else if isExist {
 return ErrUserAlreadyExist{u.Name}
 }
+
+ has, err := e.
+ Where("email=?", u.Email).
+ Get(new(User))
+ if err != nil {
+ return err
+ } else if has {
+ return ErrEmailAlreadyUsed{u.Email}
+ }
 
 u.Email = strings.ToLower(u.Email)
 isExist, err = IsEmailUsed(u.Email)

From 4f646ad48da0ec07e204adf51ef9488dab7a598a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Berk=20Demirk=C4=B1r?=
Date: Mon, 2 Jan 2017 21:09:13 +0200
Subject: [PATCH 2/3] Update user.go

---
 models/user.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/models/user.go b/models/user.go
index 5bab100f4265..227bf970fbcc 100644
--- a/models/user.go
+++ b/models/user.go
@@ -599,7 +599,7 @@ func CreateUser(u *User) (err error) {
 return ErrUserAlreadyExist{u.Name}
 }
 
- has, err := e.
+ has, err := x.
 Where("email=?", u.Email).
 Get(new(User))
 if err != nil {

From 39518d30f9244f4e680023aabca96f591fd140bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Berk=20Demirk=C4=B1r?=
Date: Mon, 2 Jan 2017 21:17:41 +0200
Subject: [PATCH 3/3] Lower the email first. Then check

---
 models/user.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/models/user.go b/models/user.go
index 227bf970fbcc..10c200e5b40c 100644
--- a/models/user.go
+++ b/models/user.go
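Review bot: The lookup added after the username check in patch 1 is a check-then-insert, so two concurrent CreateUser calls carrying the same address can both see `has == false` and both go on to create the account. The insert and any transaction around it are outside the hunk, so this is inferred, but nothing visible here makes the address unique at the database level. I would back the check with a unique index on the normalised email column and translate the resulting constraint error into `ErrEmailAlreadyUsed{u.Email}`, keeping this query only as the friendly fast path. A regression test that calls CreateUser twice with the same email would also pin the behaviour the commit message describes.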
@@ -598,7 +598,8 @@ func CreateUser(u *User) (err error) {
 } else if isExist {
 return ErrUserAlreadyExist{u.Name}
 }
-
+
+ u.Email = strings.ToLower(u.Email)
 has, err := x.
 Where("email=?", u.Email).
 Get(new(User))
@@ -608,7 +609,6 @@ func CreateUser(u *User) (err error) {
 return ErrEmailAlreadyUsed{u.Email}
 }
 
- u.Email = strings.ToLower(u.Email)
 isExist, err = IsEmailUsed(u.Email)
 if err != nil {
 return err
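Review bot: Lower-casing `u.Email` before the query in the first hunk only helps if every stored `email` value is already lower-case, because `Where("email=?", u.Email)` is an exact match on a case-sensitive collation. A row saved earlier with mixed case (constructed example: `Alice@Example.com`) would still be missed; whether such rows exist is not visible here. If they can, compare on the normalised column, e.g. `Where("LOWER(email)=?", u.Email)`, or migrate the existing rows. The block also sits directly in front of `IsEmailUsed(u.Email)` with no comment on why two lookups are needed; if, as the subject of patch 1 suggests, that helper does not look at the primary address, folding this query into it would give its other callers the same answer. CreateUser begins and continues outside the hunk.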