diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 53627877944..e58f0447dad 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -120,7 +120,7 @@ class SessionController < ApplicationController
     RateLimiter.new(nil, "forgot-password-min-#{request.remote_ip}", 3, 1.minute).performed!
 
     user = User.find_by_username_or_email(params[:login])
-    user_presence = user.present? && user.id != -1
+    user_presence = user.present? && user.id != Discourse::SYSTEM_USER_ID
     if user_presence
       email_token = user.email_tokens.create(email: user.email)
       Jobs.enqueue(:user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token)
diff --git a/spec/controllers/session_controller_spec.rb b/spec/controllers/session_controller_spec.rb
index 97abfe81e90..b16fdeff3c5 100644
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@@ -432,7 +432,7 @@ describe SessionController do
     end
 
     context 'do nothing to system username' do
-      let(:user) { User.find(-1) }
+      let(:user) { Discourse.system_user }
 
       it 'generates no token for system username' do
         lambda { xhr :post, :forgot_password, login: user.username}.should_not change(EmailToken, :count)