diff --git a/test/api/v4/user/auth/POST-register_local.test.js b/test/api/v4/user/auth/POST-register_local.test.js
index c995ac3615..62df06f307 100644
--- a/test/api/v4/user/auth/POST-register_local.test.js
+++ b/test/api/v4/user/auth/POST-register_local.test.js
@@ -473,7 +473,7 @@ describe('POST /user/auth/local/register', () => {
     });
 
     it('rejects if username is already taken', async () => {
-      let uniqueEmail = `${generateRandomUserName()}@exampe.com`;
+      let uniqueEmail = `${generateRandomUserName()}@example.com`;
       let password = 'password';
 
       await expect(api.post('/user/auth/local/register', {
diff --git a/website/server/libs/auth/index.js b/website/server/libs/auth/index.js
index 072eb550c2..f783c59b40 100644
--- a/website/server/libs/auth/index.js
+++ b/website/server/libs/auth/index.js
@@ -117,7 +117,11 @@ async function registerLocal (req, res, { isV3 = false }) {
   if (user) {
     if (email === user.auth.local.email) throw new NotAuthorized(res.t('emailTaken'));
     // Check that the lowercase username isn't already used
-    if (lowerCaseUsername === user.auth.local.lowerCaseUsername && existingUser._id !== user._id) throw new NotAuthorized(res.t('usernameTaken'));
+    if (existingUser) {
+      if (lowerCaseUsername === user.auth.local.lowerCaseUsername && existingUser._id !== user._id) throw new NotAuthorized(res.t('usernameTaken'));
+    } else if (lowerCaseUsername === user.auth.local.lowerCaseUsername) {
+      throw new NotAuthorized(res.t('usernameTaken'));
+    }
   }
 
   let hashed_password = await passwordUtils.bcryptHash(password); // eslint-disable-line camelcase