diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb
index 5bebe5619..709e66955 100644
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@@ -158,12 +158,15 @@ class Registrar
 
     def find_user_by_idc_and_allowed(idc)
       return User.new unless idc
+
       possible_users = ApiUser.where(identity_code: idc) || User.new
       possible_users.each do |selected_user|
-        if selected_user.registrar.white_ips.registrar_area.include_ip?(request.ip)
-          return selected_user
-        end
+        next unless selected_user.registrar.white_ips.registrar_area.include_ip?(request.ip)
+
+        return selected_user
       end
+
+      User.new
     end
 
     def check_ip_restriction