diff --git a/auth/proxy.go b/auth/proxy.go
index 9d140540..0e954309 100644
--- a/auth/proxy.go
+++ b/auth/proxy.go
@@ -23,39 +23,45 @@ func (a ProxyAuth) Auth(r *http.Request, usr users.Store, setting *settings.Sett
 	username := r.Header.Get(a.Header)
 	user, err := usr.Get(srv.Root, username)
 	if errors.Is(err, fbErrors.ErrNotExist) {
-		randomPasswordBytes := make([]byte, 32) //nolint:gomnd
-		_, err = rand.Read(randomPasswordBytes)
-		if err != nil {
-			return nil, err
-		}
+		return a.createUser(usr, setting, srv, username)
+	}
+	return user, err
+}
 
-		var hashedRandomPassword string
-		hashedRandomPassword, err = users.HashPwd(string(randomPasswordBytes))
-		if err != nil {
-			return nil, err
-		}
-
-		user = &users.User{
-			Username:     username,
-			Password:     hashedRandomPassword,
-			LockPassword: true,
-		}
-		setting.Defaults.Apply(user)
-
-		var userHome string
-		userHome, err = setting.MakeUserDir(user.Username, user.Scope, srv.Root)
-		if err != nil {
-			return nil, err
-		}
-		user.Scope = userHome
-
-		err = usr.Save(user)
-		if err != nil {
-			return nil, err
-		}
+func (a ProxyAuth) createUser(usr users.Store, setting *settings.Settings, srv *settings.Server, username string) (*users.User, error) {
+	const passwordSize = 32
+	randomPasswordBytes := make([]byte, passwordSize)
+	_, err := rand.Read(randomPasswordBytes)
+	if err != nil {
+		return nil, err
 	}
 
-	return user, err
+	var hashedRandomPassword string
+	hashedRandomPassword, err = users.HashPwd(string(randomPasswordBytes))
+	if err != nil {
+		return nil, err
+	}
+
+	user := &users.User{
+		Username:     username,
+		Password:     hashedRandomPassword,
+		LockPassword: true,
+	}
+	setting.Defaults.Apply(user)
+
+	var userHome string
+	userHome, err = setting.MakeUserDir(user.Username, user.Scope, srv.Root)
+	if err != nil {
+		return nil, err
+	}
+	user.Scope = userHome
+
+	err = usr.Save(user)
+	if err != nil {
+		return nil, err
+	}
+
+	return user, nil
 }
 
 // LoginPage tells that proxy auth doesn't require a login page.