diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index c0c7b117f696b..4cebabecf02ba 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -44,35 +44,38 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {
 }
 }
 
-// CommonRoutes provide endpoints for most package managers (except containers - see below)
-// These are mounted on `/api/packages` (not `/api/v1/packages`)
-func CommonRoutes(ctx gocontext.Context) *web.Route {
- r := web.NewRoute()
-
- r.Use(context.PackageContexter(ctx))
-
- authMethods := []auth.Method{
- &auth.OAuth2{},
- &auth.Basic{},
- &nuget.Auth{},
- &conan.Auth{},
- &chef.Auth{},
- }
+func verifyAuth(r *web.Route, authMethods []auth.Method) {
 if setting.Service.EnableReverseProxyAuth {
 authMethods = append(authMethods, &auth.ReverseProxy{})
 }
-
 authGroup := auth.NewGroup(authMethods...)
+
 r.Use(func(ctx *context.Context) {
 var err error
 ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
 if err != nil {
- log.Error("Verify: %v", err)
+ log.Error("Failed to verify user: %v", err)
 ctx.Error(http.StatusUnauthorized, "authGroup.Verify")
 return
 }
 ctx.IsSigned = ctx.Doer != nil
 })
+}
+
+// CommonRoutes provide endpoints for most package managers (except containers - see below)
+// These are mounted on `/api/packages` (not `/api/v1/packages`)
+func CommonRoutes(ctx gocontext.Context) *web.Route {
+ r := web.NewRoute()
+
+ r.Use(context.PackageContexter(ctx))
+
+ verifyAuth(r, []auth.Method{
+ &auth.OAuth2{},
+ &auth.Basic{},
+ &nuget.Auth{},
+ &conan.Auth{},
+ &chef.Auth{},
+ })
 
 r.Group("/{username}", func() {
 r.Group("/cargo", func() {
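Review bot: `verifyAuth` is added without a doc comment, and its name hides what a caller needs to know: it installs a middleware on `r` rather than verifying anything itself, and that middleware answers 401 only when `authGroup.Verify` returns an error, so a nil `ctx.Doer` passes through with `ctx.IsSigned` false. I would add `// verifyAuth installs a middleware on r that runs authMethods (plus reverse-proxy auth when enabled) and sets ctx.Doer and ctx.IsSigned. Anonymous requests are not rejected here; every route still needs its own access check.` The same helper replaces the inline middleware in ContainerRoutes in the next hunk, where the 401 body text changes from "Verify" to "authGroup.Verify"; it is worth confirming that no client or test matches on that string.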
@@ -437,24 +440,9 @@ func ContainerRoutes(ctx gocontext.Context) *web.Route {
 
 r.Use(context.PackageContexter(ctx))
 
- authMethods := []auth.Method{
+ verifyAuth(r, []auth.Method{
 &auth.Basic{},
 &container.Auth{},
- }
- if setting.Service.EnableReverseProxyAuth {
- authMethods = append(authMethods, &auth.ReverseProxy{})
- }
-
- authGroup := auth.NewGroup(authMethods...)
- r.Use(func(ctx *context.Context) {
- var err error
- ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
- if err != nil {
- log.Error("Failed to verify user: %v", err)
- ctx.Error(http.StatusUnauthorized, "Verify")
- return
- }
- ctx.IsSigned = ctx.Doer != nil
 })
 
 r.Get("", container.ReqContainerAccess, container.DetermineSupport)
diff --git a/routers/api/packages/container/auth.go b/routers/api/packages/container/auth.go
index 33f439ec3e588..6fb32c389d861 100644
--- a/routers/api/packages/container/auth.go
+++ b/routers/api/packages/container/auth.go
@@ -30,13 +30,10 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataS
 if uid == 0 {
 return nil, nil
 }
- if uid == -1 {
- return user_model.NewGhostUser(), nil
- }
 
- u, err := user_model.GetUserByID(req.Context(), uid)
+ u, err := user_model.GetPossibleUserByID(req.Context(), uid)
 if err != nil {
- log.Error("GetUserByID: %v", err)
+ log.Error("GetPossibleUserByID: %v", err)
 return nil, err
 }
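Review bot: With the explicit `uid == -1` branch removed from the container `Verify`, the set of non-positive IDs this path accepts is decided entirely inside `GetPossibleUserByID`, which is not visible in this diff. Because `uid` appears to be taken from the presented credential, I would state the accepted set at the call site, for example `// uid may be a reserved system ID (such as -1 for the ghost user); GetPossibleUserByID resolves those as well as real users`. A test that a ghost-user token still authenticates and that an unknown negative ID is refused would pin the intended behaviour. The body of `Verify` starts and ends outside the hunk, so how `uid` is extracted and what is done with `u` afterwards cannot be checked from here.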