diff --git a/controllers/account.go b/controllers/account.go
index 2f2d1316..e49f4a5e 100644
--- a/controllers/account.go
+++ b/controllers/account.go
@@ -368,9 +368,11 @@ func (c *ApiController) GetAccount() {
 		return
 	}
 
-	user.Permissions = object.GetMaskedPermissions(user.Permissions)
-	user.Roles = object.GetMaskedRoles(user.Roles)
-	user.MultiFactorAuths = object.GetAllMfaProps(user, true)
+	if user != nil {
+		user.Permissions = object.GetMaskedPermissions(user.Permissions)
+		user.Roles = object.GetMaskedRoles(user.Roles)
+		user.MultiFactorAuths = object.GetAllMfaProps(user, true)
+	}
 
 	organization, err := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
 	if err != nil {
diff --git a/controllers/user.go b/controllers/user.go
index 3e5f4854..f64c61dc 100644
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -198,7 +198,10 @@ func (c *ApiController) GetUser() {
 		return
 	}
 
-	user.MultiFactorAuths = object.GetAllMfaProps(user, true)
+	if user != nil {
+		user.MultiFactorAuths = object.GetAllMfaProps(user, true)
+	}
+
 	err = object.ExtendUserWithRolesAndPermissions(user)
 	if err != nil {
 		c.ResponseError(err.Error())