diff --git a/services/web/app/src/Features/User/UserController.js b/services/web/app/src/Features/User/UserController.js
index 79347a03b7..a4d886915a 100644
--- a/services/web/app/src/Features/User/UserController.js
+++ b/services/web/app/src/Features/User/UserController.js
@@ -202,7 +202,7 @@ async function ensureAffiliationMiddleware(req, res, next) {
   try {
     user = await UserGetter.promises.getUser(userId)
   } catch (error) {
-    return new Errors.UserNotFoundError({ info: { userId } })
+    throw new Errors.UserNotFoundError({ info: { userId } })
   }
   // if the user does not have permission to add an affiliation, we skip this middleware
   try {
diff --git a/services/web/test/unit/src/User/UserControllerTests.js b/services/web/test/unit/src/User/UserControllerTests.js
index 717d136a09..160e877ad2 100644
--- a/services/web/test/unit/src/User/UserControllerTests.js
+++ b/services/web/test/unit/src/User/UserControllerTests.js
@@ -1106,5 +1106,22 @@ describe('UserController', function () {
         expect(this.next).to.be.calledWith(sinon.match.instanceOf(Error))
       })
     })
+
+    describe('when user is not found', function () {
+      beforeEach(async function () {
+        this.UserGetter.promises.getUser.rejects(new Error('not found'))
+        this.Features.hasFeature.withArgs('affiliations').returns(true)
+        this.req.query.ensureAffiliation = true
+        await this.UserController.ensureAffiliationMiddleware(
+          this.req,
+          this.res,
+          this.next
+        )
+      })
+
+      it('should return the error', function () {
+        expect(this.next).to.be.calledWith(sinon.match.instanceOf(Error))
+      })
+    })
   })
 })