diff --git a/lib/User.php b/lib/User.php
index 7ea4b85..0061086 100644
--- a/lib/User.php
+++ b/lib/User.php
@@ -367,7 +367,6 @@ class User {
 
     protected function autoProvision(string $user, string $password = null, array $properties = null, int $rights = 0): string {
         // temporarily disable authorization checks, to avoid potential problems
-        $authz = $this->authorizationEnabled();
         $this->authorizationEnabled(false);
         // create the user
         $out = Data::$db->userAdd($user, $password);
@@ -384,7 +383,7 @@ class User {
             Data::$db->userPropertiesSet($user, $properties);
         }
         // re-enable authorization and return
-        $this->authorizationEnabled($authz);
+        $this->authorizationEnabled(true);
         return $out;
     }
 }
\ No newline at end of file
diff --git a/tests/lib/Database/SeriesSubscription.php b/tests/lib/Database/SeriesSubscription.php
index 825ba75..5dd1012 100644
--- a/tests/lib/Database/SeriesSubscription.php
+++ b/tests/lib/Database/SeriesSubscription.php
@@ -32,6 +32,7 @@ trait SeriesSubscription {
                 ],
                 'rows' => [
                     [1,"john.doe@example.com",2,null],
+                    [2,"jane.doe@example.com",2,null],
                 ]
             ]
         ];
@@ -103,11 +104,41 @@ trait SeriesSubscription {
         Data::$db->subscriptionAdd($user, $url);
     }
 
-    function testAddAFeedWithoutAuthority() {
+    function testAddASubscriptionWithoutAuthority() {
         $user = "john.doe@example.com";
         $url = "http://example.com/feed1";
         Phake::when(Data::$user)->authorize->thenReturn(false);
         $this->assertException("notAuthorized", "User", "ExceptionAuthz");
         Data::$db->subscriptionAdd($user, $url);
     }
+
+    function testRemoveASubscription() {
+        $user = "john.doe@example.com";
+        $this->assertTrue(Data::$db->subscriptionRemove($user, 1));
+        Phake::verify(Data::$user)->authorize($user, "subscriptionRemove");
+        $state = $this->primeExpectations($this->data, [
+            'arsse_feeds'         => ['id','url','username','password'],
+            'arsse_subscriptions' => ['id','owner','feed'],
+        ]);
+        array_shift($state['arsse_subscriptions']['rows']);
+        $this->compareExpectations($state);
+    }
+
+    function testRemoveAMissingSubscription() {
+        $user = "john.doe@example.com";
+        $this->assertException("idMissing", "Db", "ExceptionInput");
+        Data::$db->subscriptionRemove($user, 2112);
+    }
+
+    function testRemoveASubscriptionForTheWrongOwner() {
+        $user = "jane.doe@example.com";
+        $this->assertException("idMissing", "Db", "ExceptionInput");
+        Data::$db->subscriptionRemove($user, 1);
+    }
+
+    function testRemoveASubscriptionWithoutAuthority() {
+        Phake::when(Data::$user)->authorize->thenReturn(false);
+        $this->assertException("notAuthorized", "User", "ExceptionAuthz");
+        Data::$db->subscriptionRemove("john.doe@example.com", 1);
+    }
 }
\ No newline at end of file