diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0a60f2900..e35c39351 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,12 +6,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 ### Added
+
 - support for legacy environment variables
 - support for legacy workspace based on repository name
 - support for github deployment hooks
 - provide base sha for github pull requests
 - option to filter webhooks by event and type
 
+### Fixed
+
+- error when manually creating an empty user, by [@bradrydzewski](https://github.com/bradrydzewski). [#2738](https://github.com/drone/drone/issues/2738).
+
 ## [1.2.1] - 2019-06-11
 ### Added
 
diff --git a/handler/api/users/create.go b/handler/api/users/create.go
index b10f4291b..c48bc7240 100644
--- a/handler/api/users/create.go
+++ b/handler/api/users/create.go
@@ -55,9 +55,15 @@ func HandleCreate(users core.UserStore, sender core.WebhookSender) http.HandlerF
 		if user.Hash == "" {
 			user.Hash = uniuri.NewLen(32)
 		}
-		//
-		// TODO(bradrydzewski) validate the user.Login with a user.Validate() function
-		//
+
+		err = user.Validate()
+		if err != nil {
+			render.ErrorCode(w, err, 400)
+			logger.FromRequest(r).WithError(err).
+				Errorln("api: invlid username")
+			return
+		}
+
 		err = users.Create(r.Context(), user)
 		if err == core.ErrUserLimit {
 			render.ErrorCode(w, err, 402)