diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index ada4943a0..0a83e9feb 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -16,6 +16,7 @@ class Admin::UsersController < Admin::AdminController
 def show
 @user = User.where(username_lower: params[:id]).first
+ raise Discourse::NotFound.new unless @user
 render_serialized(@user, AdminDetailedUserSerializer, root: false)
 end
diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb
index 1e5d645cc..ae7e9559f 100644
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'
 describe Admin::UsersController do
- it "is a subclass of AdminController" do
+ it 'is a subclass of AdminController' do
 (Admin::UsersController < Admin::AdminController).should be_true
 end
@@ -23,10 +23,19 @@ describe Admin::UsersController do
 end
 end
- context '.show' do
- it 'returns success' do
- xhr :get, :show, id: @user.username
- response.should be_success
+ describe '.show' do
+ context 'an existing user' do
+ it 'returns success' do
+ xhr :get, :show, id: @user.username
+ response.should be_success
+ end
+ end
+
+ context 'an existing user' do
+ it 'returns success' do
+ xhr :get, :show, id: 'foobar'
+ response.should_not be_success
+ end
 end
 end
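Review bot: In `show` in app/controllers/admin/users_controller.rb, the lookup on the context line above the new guard passes `params[:id]` to `username_lower` unchanged, so a mixed-case username in the URL now raises NotFound for a user who exists, assuming `username_lower` holds the lowercased name. Lowercasing the parameter first keeps the lookup and the guard consistent: `@user = User.where(username_lower: params[:id].to_s.downcase).first`. The guard itself reads more conventionally as `raise Discourse::NotFound unless @user`, since `raise` instantiates the class on its own.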
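Review bot: The second context added under `describe '.show'` in spec/controllers/admin/users_controller_spec.rb is still labelled `'an existing user'` / `'returns success'`, although it requests `'foobar'` and expects a failure. Its assertion `response.should_not be_success` also passes on any non-2xx status, so a 403 from an authorization problem or a 500 from a nil user would satisfy it just as well as the intended not-found response. Rename it and pin the status, e.g. `context 'a user that does not exist' do`, `it 'returns not found' do`, and `response.status.should == 404`, provided Discourse::NotFound is rendered as a 404 in this application. The enclosing `describe Admin::UsersController` block starts outside the hunk.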