diff --git a/src/controllers/usersController.ts b/src/controllers/usersController.ts
index 3f5c1a1..edb6018 100644
--- a/src/controllers/usersController.ts
+++ b/src/controllers/usersController.ts
@@ -46,7 +46,6 @@ export async function AddEmployee(req: Request, res: Response) {
 if (
 !storeId ||
 !username ||
- !email ||
 passwordSetOnInitLogging === undefined ||
 (!password && passwordSetOnInitLogging === false) ||
 !language ||
@@ -107,22 +106,33 @@ export async function AddEmployee(req: Request, res: Response) {
 // validate username and email
- email = email.toLowerCase();
-
- if (!isUsernameValid(username) || !(await isEmailValid(email))) {
+ if (!isUsernameValid(username)) {
 return res.status(400).send({ err: "invalid request" });
 }
- // check if user already exists
+ // only validate email if it is provided
+ if (email !== undefined && email.length > 0) {
+ email = email.toLowerCase();
- const existingUser = await User.findOne({
- where: {
- email: email,
- },
- });
+ console.log("email", email);
- if (existingUser) {
- return res.status(400).send({ err: "invalid request" });
+ if (!(await isEmailValid(email))) {
+ return res.status(400).send({ err: "invalid request" });
+ }
+
+ // check if user already exists
+
+ const existingUser = await User.findOne({
+ where: {
+ email: email,
+ },
+ });
+
+ if (existingUser) {
+ return res.status(400).send({ err: "invalid request" });
+ }
+ } else {
+ email = "";
 }
 // create user
@@ -362,6 +372,11 @@ export async function UpdateEmployee(req: Request, res: Response) {
 ...update,
 email: email,
 };
+ } else {
+ update = {
+ ...update,
+ email: "",
+ };
 }
 if (username) {
diff --git a/src/middleware/authMiddleware.ts b/src/middleware/authMiddleware.ts
index 2a09faf..4b7b535 100644
--- a/src/middleware/authMiddleware.ts
+++ b/src/middleware/authMiddleware.ts
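Review bot: `if (email !== undefined && email.length > 0)` still throws when the body carries `email: null` or a non-string such as an array, because `.length` and `.toLowerCase()` run on it before any validation, so a malformed request becomes a thrown error instead of the 400 the surrounding checks return; a type guard is the safer shape, `if (typeof email === "string" && email.length > 0) {`. The `console.log("email", email);` left in the same branch writes a user-supplied address to stdout on every create; drop it or route it through the logger the project already uses elsewhere. Storing `""` in the `else` branch means every employee created without an address shares the same stored value, so any later lookup by email on a blank string would match several rows — worth a comment at `email = "";` stating that a blank email is deliberately non-unique. AddEmployee begins and ends outside this hunk, and the first hunk of this file removes the `!email` required-field check that this logic replaces.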
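Review bot: The new `else` branch resets the stored email to `""` whenever the request omits the field, so a caller sending a partial update that only changes, say, the username silently wipes the address; the condition this `else` pairs with is outside the hunk, so whether it tests presence or emptiness cannot be confirmed here. If clearing is meant only for an explicit blank value, narrow the branch to `} else if (email === "") {`; otherwise document the behavior with a comment such as `// omitting email clears the stored address` so API consumers know an omitted field is not a no-op. UpdateEmployee starts and ends outside this hunk.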
@@ -1,5 +1,8 @@
 import { Request } from "express";
 import { getUserSession } from "../utils/utils";
+import User from "../models/user";
+import { ACCOUNT_STATE } from "../utils/constants";
+import { userLogger } from "../logger/logger";
 export async function sessionProtection(req: Request, res: any, next: any) {
 const session = await getUserSession(req);
@@ -14,5 +17,26 @@ export async function sessionProtection(req: Request, res: any, next: any) {
 return res.status(401).send({ err: "unauthorized" });
 }
+ // check if user is active
+ const user = await User.findOne({
+ where: {
+ user_id: session.user_id,
+ },
+ attributes: ["state"],
+ });
+
+ if (!user) {
+ return res.status(401).send({ err: "unauthorized" });
+ }
+
+ if (user.state !== ACCOUNT_STATE.ACTIVE) {
+ userLogger.info(
+ session.user_id,
+ "GetUser logout due to account state",
+ user.state.toString()
+ );
+ return res.status(401).send({ err: "unauthorized" });
+ }
+
 next();
 }
diff --git a/src/models/user.ts b/src/models/user.ts
index 1fde9a7..a2251b4 100644
--- a/src/models/user.ts
+++ b/src/models/user.ts
@@ -59,7 +59,7 @@ User.init(
 },
 email: {
 type: DataTypes.STRING,
- unique: true,
+ // allowNull defaults to true
 },
 username: {
 type: DataTypes.STRING,
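Review bot: The audit message on the rejection path, `"GetUser logout due to account state"`, names a different handler and claims a logout this middleware does not perform — nothing in the hunk revokes the session, the request is only answered with 401 — which will mislead anyone correlating these entries during an incident; rename it to something like `"sessionProtection: request rejected, account not active"`. `user.state.toString()` throws if `state` is ever null or undefined for a row (only `state` is selected, and nothing here guarantees it is non-null), which would turn a clean denial into a thrown error inside an async handler; `String(user.state)` is the safe spelling. Whether the per-request lookup should also end the session, so a disabled account cannot keep presenting a still-valid session until it expires, is a design decision worth recording in a comment at `// check if user is active`. sessionProtection's opening lines are outside this hunk.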
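Review bot: Dropping `unique: true` removes the only database-level guarantee that two accounts cannot share an address; the replacement check in AddEmployee is a `findOne` followed by a create, which two concurrent requests can both pass, and the comment `// allowNull defaults to true` enforces nothing. If the goal is to allow employees without an email, storing `null` rather than `""` would let the unique constraint stay (most databases permit multiple NULLs in a unique column); otherwise a partial unique index over non-empty values gives the same guarantee. Removing the attribute from the model also does not drop an already-created index unless a migration or sync does so — worth confirming against how the schema is deployed.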