diff --git a/plume-models/src/email_signups.rs b/plume-models/src/email_signups.rs
index fe17e34f..6867e7c7 100644
--- a/plume-models/src/email_signups.rs
+++ b/plume-models/src/email_signups.rs
@@ -90,27 +90,31 @@ impl EmailSignup {
     }
 
     pub fn confirm(&self, conn: &DbConn) -> Result<()> {
-        Self::ensure_user_not_exist_by_email(conn, &self.email)?;
-        if self.expired() {
-            Self::delete_existings_by_email(conn, &self.email)?;
-            return Err(Error::Expired);
-        }
-        Ok(())
+        conn.transaction(|| {
+            Self::ensure_user_not_exist_by_email(conn, &self.email)?;
+            if self.expired() {
+                Self::delete_existings_by_email(conn, &self.email)?;
+                return Err(Error::Expired);
+            }
+            Ok(())
+        })
     }
 
     pub fn complete(&self, conn: &DbConn, username: String, password: String) -> Result<User> {
-        Self::ensure_user_not_exist_by_email(conn, &self.email)?;
-        let user = NewUser::new_local(
-            conn,
-            username,
-            "".to_string(),
-            Role::Normal,
-            "",
-            self.email.clone(),
-            Some(User::hash_pass(&password)?),
-        )?;
-        self.delete(conn)?;
-        Ok(user)
+        conn.transaction(|| {
+            Self::ensure_user_not_exist_by_email(conn, &self.email)?;
+            let user = NewUser::new_local(
+                conn,
+                username,
+                "".to_string(),
+                Role::Normal,
+                "",
+                self.email.clone(),
+                Some(User::hash_pass(&password)?),
+            )?;
+            self.delete(conn)?;
+            Ok(user)
+        })
     }
 
     fn delete(&self, conn: &DbConn) -> Result<()> {