diff --git a/server/api/auth.js b/server/api/auth.js
index a1a82a87..a138aedc 100644
--- a/server/api/auth.js
+++ b/server/api/auth.js
@@ -10,6 +10,13 @@ const Auth = {
     return oauth.oauthServer.authenticate()(req, res, next)
   },
 
+  fillUser (req, res, next) {
+    oauth.oauthServer.authenticate()(req, res, () => {
+      req.user = res.locals.oauth.token.user
+      next()
+    })
+  },
+
   /** isAdmin middleware */
   isAdmin (req, res, next) {
     oauth.oauthServer.authenticate()(req, res, () => {
diff --git a/server/api/index.js b/server/api/index.js
index b9cc31ff..af481a81 100644
--- a/server/api/index.js
+++ b/server/api/index.js
@@ -2,7 +2,7 @@ const express = require('express')
 const multer = require('multer')
 const cors = require('cors')()
 
-const { isAuth, isAdmin, hasPerm } = require('./auth')
+const { isAuth, isAdmin, hasPerm, fillUser } = require('./auth')
 const eventController = require('./controller/event')
 const exportController = require('./controller/export')
 const userController = require('./controller/user')
@@ -46,7 +46,7 @@ api.get('/users', isAdmin, userController.getAll)
 api.put('/place', isAdmin, eventController.updatePlace)
 
 // add event
-api.post('/user/event', upload.single('image'), userController.addEvent)
+api.post('/user/event', fillUser, upload.single('image'), userController.addEvent)
 
 // update event
 api.put('/user/event', hasPerm('event:write'), upload.single('image'), userController.updateEvent)