diff --git a/web/__init__.py b/web/__init__.py
index 6dd43c8..db730a3 100644
--- a/web/__init__.py
+++ b/web/__init__.py
@@ -85,6 +85,9 @@ def record_attestation(
     db: Session = Depends(get_db),
 ):
     user = crud.get_user_with_token(db, token)
+    if user == None:
+        raise HTTPException(status_code=401, detail="User not found")
+
     crud.create_attestation(db, drv_hash, output_sha256_map, user)
     return {
         "Attestation accepted"
diff --git a/web/crud.py b/web/crud.py
index 22ccdd7..a41f7a9 100644
--- a/web/crud.py
+++ b/web/crud.py
@@ -29,5 +29,7 @@ def create_attestation(db: Session, drv_hash: str, output_hash_map: list[schemas
 
 
 def get_user_with_token(db: Session, token_val: str):
-    token = db.query(models.Token).filter_by(value=token_val).one()
+    token = db.query(models.Token).filter_by(value=token_val).one_or_none()
+    if token is None:
+        return None
     return token.user_id