diff --git a/app/controllers/subscriptions_controller.rb b/app/controllers/subscriptions_controller.rb
index acbdb02d8..315905001 100644
--- a/app/controllers/subscriptions_controller.rb
+++ b/app/controllers/subscriptions_controller.rb
@@ -32,8 +32,12 @@ class SubscriptionsController < ApplicationController
 
     def set_user_locale(&action)
       if params[:locale].blank?
-        session[:locale] = I18n.available_locales.find { |locale| locale == @user.locale&.to_sym }.to_s
+        session[:locale] = find_locale.to_s
       end
       I18n.with_locale(session[:locale], &action)
     end
+
+    def find_locale
+      I18n.available_locales.find { |locale| locale == @user.locale&.to_sym } || I18n.locale
+    end
 end
diff --git a/spec/controllers/subscriptions_controller_spec.rb b/spec/controllers/subscriptions_controller_spec.rb
index dd1934dd6..1e1124125 100644
--- a/spec/controllers/subscriptions_controller_spec.rb
+++ b/spec/controllers/subscriptions_controller_spec.rb
@@ -27,5 +27,13 @@ describe SubscriptionsController do
 
       expect(session[:locale]).to eq "es"
     end
+
+    it "only accepts available locales" do
+      create(:user, locale: "wl", subscriptions_token: "mytoken")
+
+      get :edit, params: { token: "mytoken" }
+
+      expect(session[:locale]).to eq "en"
+    end
   end
 end