diff --git a/services/auth/signin.go b/services/auth/signin.go
index aa9a9660c0..3ccf68c3a7 100644
--- a/services/auth/signin.go
+++ b/services/auth/signin.go
@@ -23,19 +23,23 @@ import (
 // UserSignIn validates user name and password.
 func UserSignIn(username, password string) (*user_model.User, *auth.Source, error) {
 	var user *user_model.User
+	isEmail := false
 	if strings.Contains(username, "@") {
+		isEmail = true
 		emailAddress := user_model.EmailAddress{LowerEmail: strings.ToLower(strings.TrimSpace(username))}
 		// check same email
-		has, err := db.GetEngine(db.DefaultContext).Where("is_activated=?", true).Get(&emailAddress)
+		has, err := db.GetEngine(db.DefaultContext).Get(&emailAddress)
 		if err != nil {
 			return nil, nil, err
 		}
-		if !has {
-			return nil, nil, user_model.ErrEmailAddressNotExist{
-				Email: username,
+		if has {
+			if !emailAddress.IsActivated {
+				return nil, nil, user_model.ErrEmailAddressNotExist{
+					Email: username,
+				}
 			}
+			user = &user_model.User{ID: emailAddress.UID}
 		}
-		user = &user_model.User{ID: emailAddress.UID}
 	} else {
 		trimmedUsername := strings.TrimSpace(username)
 		if len(trimmedUsername) == 0 {
@@ -45,38 +49,40 @@ func UserSignIn(username, password string) (*user_model.User, *auth.Source, erro
 		user = &user_model.User{LowerName: strings.ToLower(trimmedUsername)}
 	}
 
-	hasUser, err := user_model.GetUser(user)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	if hasUser {
-		source, err := auth.GetSourceByID(user.LoginSource)
+	if user != nil {
+		hasUser, err := user_model.GetUser(user)
 		if err != nil {
 			return nil, nil, err
 		}
 
-		if !source.IsActive {
-			return nil, nil, oauth2.ErrAuthSourceNotActived
-		}
+		if hasUser {
+			source, err := auth.GetSourceByID(user.LoginSource)
+			if err != nil {
+				return nil, nil, err
+			}
 
-		authenticator, ok := source.Cfg.(PasswordAuthenticator)
-		if !ok {
-			return nil, nil, smtp.ErrUnsupportedLoginType
-		}
+			if !source.IsActive {
+				return nil, nil, oauth2.ErrAuthSourceNotActived
+			}
 
-		user, err := authenticator.Authenticate(user, user.LoginName, password)
-		if err != nil {
-			return nil, nil, err
-		}
+			authenticator, ok := source.Cfg.(PasswordAuthenticator)
+			if !ok {
+				return nil, nil, smtp.ErrUnsupportedLoginType
+			}
 
-		// WARN: DON'T check user.IsActive, that will be checked on reqSign so that
-		// user could be hint to resend confirm email.
-		if user.ProhibitLogin {
-			return nil, nil, user_model.ErrUserProhibitLogin{UID: user.ID, Name: user.Name}
-		}
+			user, err := authenticator.Authenticate(user, user.LoginName, password)
+			if err != nil {
+				return nil, nil, err
+			}
 
-		return user, source, nil
+			// WARN: DON'T check user.IsActive, that will be checked on reqSign so that
+			// user could be hint to resend confirm email.
+			if user.ProhibitLogin {
+				return nil, nil, user_model.ErrUserProhibitLogin{UID: user.ID, Name: user.Name}
+			}
+
+			return user, source, nil
+		}
 	}
 
 	sources, err := auth.AllActiveSources()
@@ -111,5 +117,9 @@ func UserSignIn(username, password string) (*user_model.User, *auth.Source, erro
 		}
 	}
 
+	if isEmail {
+		return nil, nil, user_model.ErrEmailAddressNotExist{Email: username}
+	}
+
 	return nil, nil, user_model.ErrUserNotExist{Name: username}
 }