diff --git a/app/controllers/users/confirmations_controller.rb b/app/controllers/users/confirmations_controller.rb
index de65e592a..3ffced63e 100644
--- a/app/controllers/users/confirmations_controller.rb
+++ b/app/controllers/users/confirmations_controller.rb
@@ -27,7 +27,7 @@ class Users::ConfirmationsController < Devise::ConfirmationsController
   def show
     # In the default implementation, this already confirms the resource:
     # self.resource = self.resource = resource_class.confirm_by_token(params[:confirmation_token])
-    self.resource = resource_class.find_by(confirmation_token: params[:confirmation_token])
+    self.resource = resource_class.find_by!(confirmation_token: params[:confirmation_token])
 
     yield resource if block_given?
 
diff --git a/spec/controllers/users/confirmations_controller_spec.rb b/spec/controllers/users/confirmations_controller_spec.rb
new file mode 100644
index 000000000..bcb185ef8
--- /dev/null
+++ b/spec/controllers/users/confirmations_controller_spec.rb
@@ -0,0 +1,13 @@
+require "rails_helper"
+
+describe Users::ConfirmationsController do
+  before do
+    @request.env["devise.mapping"] = Devise.mappings[:user]
+  end
+
+  describe "GET show" do
+    it "returns a 404 code with a wrong token" do
+      expect { get :show, token: "non_existent" }.to raise_error ActiveRecord::RecordNotFound
+    end
+  end
+end