diff --git a/app/models/user.rb b/app/models/user.rb
index a356419a796..cf3914568a6 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -153,7 +153,7 @@ class User < ActiveRecord::Base
   before_validation :set_public_email, if: ->(user) { user.public_email_changed? }
 
   after_update :update_emails_with_primary_email, if: ->(user) { user.email_changed? }
-  before_save :ensure_authentication_token, :ensure_incoming_email_token, :ensure_rss_token
+  before_save :ensure_authentication_token, :ensure_incoming_email_token
   before_save :ensure_external_user_rights
   after_save :ensure_namespace_correct
   after_initialize :set_projects_limit
@@ -1005,6 +1005,13 @@ class User < ActiveRecord::Base
     save
   end
 
+  # each existing user needs to have an `rss_token`.
+  # we do this on read since migrating all existing users is not a feasible
+  # solution.
+  def rss_token
+    ensure_rss_token!
+  end
+
   protected
 
   # override, from Devise::Validatable
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index ca2b872729f..aabdac4bb75 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -448,9 +448,11 @@ describe User, models: true do
   end
 
   describe 'rss token' do
-    it 'has rss token' do
-      user = create(:user)
-      expect(user.rss_token).not_to be_blank
+    it 'ensures an rss token on read' do
+      user = create(:user, rss_token: nil)
+      rss_token = user.rss_token
+      expect(rss_token).not_to be_blank
+      expect(user.reload.rss_token).to eq rss_token
     end
   end