diff --git a/backend/src/graphql/directive/isAuthorized.ts b/backend/src/graphql/directive/isAuthorized.ts
index 4a31dfede..c72a52ac4 100644
--- a/backend/src/graphql/directive/isAuthorized.ts
+++ b/backend/src/graphql/directive/isAuthorized.ts
@@ -14,6 +14,12 @@ const isAuthorized: AuthChecker = async ({ context }, rights) => {
 context.role = ROLE_UNAUTHORIZED // unauthorized user
 // moriz: I think it is better to check the INALIENABLE_RIGHTS here
+ /*
+ if ((rights).reduce(
+ (acc, right) => acc && INALIENABLE_RIGHTS.includes(right),
+ true,
+ )) return true
+ */
 // Do we have a token?
 if (context.token) {
diff --git a/backend/src/graphql/resolver/UserResolver.test.ts b/backend/src/graphql/resolver/UserResolver.test.ts
index 9b2db42e8..570f09823 100644
--- a/backend/src/graphql/resolver/UserResolver.test.ts
+++ b/backend/src/graphql/resolver/UserResolver.test.ts
@@ -373,7 +373,7 @@ describe('UserResolver', () => {
 describe('user is in database and wrong password', () => {
 beforeAll(async () => {
- // resetToken()
+ resetToken()
 await createUser(mutate, {
 email: 'peter@lustig.de',
 firstName: 'Peter',
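Review bot: The commented-out block added to `isAuthorized` in backend/src/graphql/directive/isAuthorized.ts would, if enabled as written, return true for an empty `rights` array, because `reduce(..., true)` over no elements yields its initial value; an operation that passes no rights would then be granted before any token check. If the shortcut is wanted, make the non-empty requirement explicit, e.g. `if (rights.length > 0 && rights.every((right) => INALIENABLE_RIGHTS.includes(right))) return true`, and add a test for the empty case. It would also return ahead of the token handling that follows, so a caller with a valid token would presumably keep `context.role = ROLE_UNAUTHORIZED` on those operations; that part of the function lies outside the hunk, so confirm against the full body. Until the decision is made, a one-line TODO is safer in an authorization path than parked code that reads as ready to uncomment.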