diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 67c4742e..c58303ba 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -14,8 +14,15 @@ class ApplicationController < ActionController::Base
 @current_user ||= ExternalUser.find_by(id: session[:external_user_id]) || login_from_session || login_from_other_sources
 end
+ def require_user!
+ raise Pundit::NotAuthorizedError unless current_user
+ end
+
 def render_not_authorized
- redirect_to(request.referrer || :root, alert: t('application.not_authorized'))
+ respond_to do |format|
+ format.html { redirect_to(request.referrer || :root, alert: t('application.not_authorized')) }
+ format.json { render json: {error: t('application.not_authorized')}, status: :unauthorized }
+ end
 end
 private :render_not_authorized
diff --git a/app/controllers/flowr_controller.rb b/app/controllers/flowr_controller.rb
index b56baf88..6f4a3f35 100644
--- a/app/controllers/flowr_controller.rb
+++ b/app/controllers/flowr_controller.rb
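Review bot: `require_user!` raises `Pundit::NotAuthorizedError` for a missing session, so the rescue path can no longer tell 'not signed in' from 'signed in but denied by policy', and the new `format.json` branch of `render_not_authorized` answers both with `:unauthorized`, where a policy denial is conventionally `:forbidden`. If a `rescue_from Pundit::NotAuthorizedError` routes to this handler (not visible in the hunk), a dedicated error for the unauthenticated case, e.g. `NotAuthenticatedError = Class.new(StandardError)` raised from `require_user!` and rescued with its own status, keeps the two cases distinguishable for API clients and in logs. The html branch keeps `redirect_to(request.referrer || :root, …)`; the Referer header is client-supplied, so `redirect_back(fallback_location: root_path, allow_other_host: false)` is the safer form where the Rails version in use supports that option. The `current_user` method whose body opens the hunk starts outside it.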
@@ -1,38 +1,29 @@
 class FlowrController < ApplicationController
 def insights
- unless current_user
- skip_authorization
- respond_to do |format|
- format.html { render_not_authorized }
- format.json { render json: {}, status: :unauthorized }
- end
- else
- # get the latest submission for this user that also has a test run (i.e. structured_errors if applicable)
- submission = Submission.joins(:testruns)
- .where(submissions: {user_id: current_user.id, user_type: current_user.class.name})
- .order('testruns.created_at DESC').first
- # verify authorization for the submission, as all queried errors are generated by this submission anyway
- # and structured_errors don't have a policy yet
- authorize(submission)
- errors = StructuredError.where(submission_id: submission.id)
+ require_user!
+ # get the latest submission for this user that also has a test run (i.e. structured_errors if applicable)
+ submission = Submission.joins(:testruns)
+ .where(submissions: {user_id: current_user.id, user_type: current_user.class.name})
+ .order('testruns.created_at DESC').first
+ # verify authorization for the submission, as all queried errors are generated by this submission anyway
+ # and structured_errors don't have a policy yet
+ authorize(submission)
+ errors = StructuredError.where(submission_id: submission.id)
- # for each error get all attributes, filter out uninteresting ones, and build a query
- insights = errors.map do |error|
- attributes = error.structured_error_attributes.select do |attribute|
- is_interesting(attribute) and attribute.match
- end
- # once the programming language model becomes available, the language name can be added to the query to
- # produce more relevant results
- query = attributes.map{|att| att.value}.join(' ')
- { submission: submission, error: error, attributes: attributes, query: query }
- end
-
- respond_to do |format|
- format.html { render json: insights, status: :ok }
- format.json { render json: insights, status: :ok }
+ # for each error get all attributes, filter out uninteresting ones, and build a query
+ insights = errors.map do |error|
+ attributes = error.structured_error_attributes.select do |attribute|
+ is_interesting(attribute) and attribute.match
 end
+ # once the programming language model becomes available, the language name can be added to the query to
+ # produce more relevant results
+ query = attributes.map{|att| att.value}.join(' ')
+ { submission: submission, error: error, attributes: attributes, query: query }
 end
+
+ # Always return JSON
+ render json: insights, status: :ok
 end
 def is_interesting(attribute)
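Review bot: `authorize(submission)` still receives `nil` when the signed-in user has no submission with a test run — the `.first` on the `Submission` query can return nothing — and as far as I can tell Pundit raises a `NotDefinedError` for a nil record rather than denying, so such a user gets a 500 (and `submission.id` on the next line would fail anyway) instead of an empty result; `require_user!` only closes the logged-out case. The removed branch called `skip_authorization`, which suggests `verify_authorized` is enforced, so an early exit must call it too, as sketched below. While these lines are being re-indented anyway, `is_interesting(attribute) and attribute.match` should use `&&`, and `attributes.map{|att| att.value}` reads better as `attributes.map(&:value)`. The `FlowrController` class continues past the end of the hunk.
```ruby
      .order('testruns.created_at DESC').first
    if submission.nil?
      skip_authorization
      return render(json: [], status: :ok)
    end
    # … unchanged: authorize(submission), StructuredError query, insights mapping, render …
```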