diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index c0c7b117f6..4cebabecf0 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -44,6 +44,24 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {
 	}
 }
 
+func verifyAuth(r *web.Route, authMethods []auth.Method) {
+	if setting.Service.EnableReverseProxyAuth {
+		authMethods = append(authMethods, &auth.ReverseProxy{})
+	}
+	authGroup := auth.NewGroup(authMethods...)
+
+	r.Use(func(ctx *context.Context) {
+		var err error
+		ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
+		if err != nil {
+			log.Error("Failed to verify user: %v", err)
+			ctx.Error(http.StatusUnauthorized, "authGroup.Verify")
+			return
+		}
+		ctx.IsSigned = ctx.Doer != nil
+	})
+}
+
 // CommonRoutes provide endpoints for most package managers (except containers - see below)
 // These are mounted on `/api/packages` (not `/api/v1/packages`)
 func CommonRoutes(ctx gocontext.Context) *web.Route {
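Review bot: verifyAuth has no doc comment, and its name reads as if it enforces authentication, but the closure it registers only aborts with 401 when authGroup.Verify returns an error; a nil Doer just leaves ctx.IsSigned false and the request continues. I would add a comment above the function such as `// verifyAuth registers middleware that resolves ctx.Doer from authMethods (plus ReverseProxy when enabled); it rejects only on a Verify error, so anonymous requests pass through and access must still be checked per route.` That keeps a route added later under either router from relying on this middleware alone, since the per-route checks (reqPackageAccess is visible in the context lines) are presumably what gate access.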
@@ -51,27 +69,12 @@ func CommonRoutes(ctx gocontext.Context) *web.Route {
 
 	r.Use(context.PackageContexter(ctx))
 
-	authMethods := []auth.Method{
+	verifyAuth(r, []auth.Method{
 		&auth.OAuth2{},
 		&auth.Basic{},
 		&nuget.Auth{},
 		&conan.Auth{},
 		&chef.Auth{},
-	}
-	if setting.Service.EnableReverseProxyAuth {
-		authMethods = append(authMethods, &auth.ReverseProxy{})
-	}
-
-	authGroup := auth.NewGroup(authMethods...)
-	r.Use(func(ctx *context.Context) {
-		var err error
-		ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
-		if err != nil {
-			log.Error("Verify: %v", err)
-			ctx.Error(http.StatusUnauthorized, "authGroup.Verify")
-			return
-		}
-		ctx.IsSigned = ctx.Doer != nil
 	})
 
 	r.Group("/{username}", func() {
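Review bot: The extraction is not purely mechanical, because the two removed closures did not use the same strings. In this hunk the log message changes from `Verify: %v` to `Failed to verify user: %v`, and in the ContainerRoutes hunk further down the text passed to ctx.Error changes from `Verify` to `authGroup.Verify`. If ctx.Error writes that text into the 401 response (not visible in this diff), container clients now receive a different body, and any log alerting keyed on the old message for these endpoints stops matching. This is worth stating in the commit description so that tests and detection rules are updated together with the refactor.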
@@ -437,24 +440,9 @@ func ContainerRoutes(ctx gocontext.Context) *web.Route {
 
 	r.Use(context.PackageContexter(ctx))
 
-	authMethods := []auth.Method{
+	verifyAuth(r, []auth.Method{
 		&auth.Basic{},
 		&container.Auth{},
-	}
-	if setting.Service.EnableReverseProxyAuth {
-		authMethods = append(authMethods, &auth.ReverseProxy{})
-	}
-
-	authGroup := auth.NewGroup(authMethods...)
-	r.Use(func(ctx *context.Context) {
-		var err error
-		ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
-		if err != nil {
-			log.Error("Failed to verify user: %v", err)
-			ctx.Error(http.StatusUnauthorized, "Verify")
-			return
-		}
-		ctx.IsSigned = ctx.Doer != nil
 	})
 
 	r.Get("", container.ReqContainerAccess, container.DetermineSupport)
diff --git a/routers/api/packages/container/auth.go b/routers/api/packages/container/auth.go
index 33f439ec3e..6fb32c389d 100644
--- a/routers/api/packages/container/auth.go
+++ b/routers/api/packages/container/auth.go
@@ -30,13 +30,10 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataS
 	if uid == 0 {
 		return nil, nil
 	}
-	if uid == -1 {
-		return user_model.NewGhostUser(), nil
-	}
 
-	u, err := user_model.GetUserByID(req.Context(), uid)
+	u, err := user_model.GetPossibleUserByID(req.Context(), uid)
 	if err != nil {
-		log.Error("GetUserByID:  %v", err)
+		log.Error("GetPossibleUserByID:  %v", err)
 		return nil, err
 	}