diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp
index 2aeed4bc54..370a1a30ae 100644
--- a/src/libsync/clientsideencryption.cpp
+++ b/src/libsync/clientsideencryption.cpp
@@ -1599,7 +1599,7 @@ void ClientSideEncryption::writePrivateKey(const AccountPtr &account)
     job->setInsecureFallback(false);
     job->setKey(kck);
     job->setBinaryData(getPrivateKey());
-    connect(job, &WritePasswordJob::finished, [](Job *incoming) {
+    connect(job, &WritePasswordJob::finished, job, [](Job *incoming) {
         Q_UNUSED(incoming);
         qCInfo(lcCse()) << "Private key stored in keychain";
     });
@@ -1618,7 +1618,7 @@ void ClientSideEncryption::writeCertificate(const AccountPtr &account)
     job->setInsecureFallback(false);
     job->setKey(kck);
     job->setBinaryData(_encryptionCertificate.getCertificate().toPem());
-    connect(job, &WritePasswordJob::finished, [](Job *incoming) {
+    connect(job, &WritePasswordJob::finished, job, [](Job *incoming) {
         Q_UNUSED(incoming);
         qCInfo(lcCse()) << "Certificate stored in keychain";
     });
@@ -1633,7 +1633,7 @@ void ClientSideEncryption::writeCertificate(const AccountPtr &account, const QSt
     job->setInsecureFallback(false);
     job->setKey(keyChainKey);
     job->setBinaryData(certificate.toPem());
-    connect(job, &WritePasswordJob::finished, [this, certificate](Job *incoming) {
+    connect(job, &WritePasswordJob::finished, job, [this, certificate](Job *incoming) {
         Q_UNUSED(incoming);
         qCInfo(lcCse()) << "Certificate stored in keychain";
         emit certificateWriteComplete(certificate);
@@ -1756,11 +1756,15 @@ void ClientSideEncryption::getUsersPublicKeyFromServer(const AccountPtr &account
 {
     qCInfo(lcCse()) << "Retrieving public keys from server, for users:" << userIds;
     const auto job = new JsonApiJob(account, e2eeBaseUrl(account) + QStringLiteral("public-key"), this);
-    connect(job, &JsonApiJob::jsonReceived, [this, account, userIds](const QJsonDocument &doc, int retCode) {
+    connect(job, &JsonApiJob::jsonReceived, job, [this, account, userIds](const QJsonDocument &doc, int retCode) {
         if (retCode == 200) {
             QHash<QString, NextcloudSslCertificate> results;
-            const auto publicKeys = doc.object()[QStringLiteral("ocs")].toObject()[QStringLiteral("data")].toObject()[QStringLiteral("public-keys")].toObject();
-            for (const auto &userId : publicKeys.keys()) {
+            const auto &docObj = doc.object();
+            const auto &ocsObj = docObj[QStringLiteral("ocs")].toObject();
+            const auto &dataObj = ocsObj[QStringLiteral("data")].toObject();
+            const auto &publicKeys = dataObj[QStringLiteral("public-keys")].toObject();
+            const auto &allKeys = publicKeys.keys();
+            for (const auto &userId : allKeys) {
                 if (userIds.contains(userId)) {
                     results.insert(userId, QSslCertificate(publicKeys.value(userId).toString().toLocal8Bit(), QSsl::Pem));
                 }
@@ -1860,7 +1864,7 @@ void ClientSideEncryption::saveCertificateIdentification(const AccountPtr &accou
 void ClientSideEncryption::cacheTokenPin(const QString pin)
 {
     _cachedPin = pin;
-    QTimer::singleShot(86400000, [this] () {
+    QTimer::singleShot(86400000, this, [this] () {
         _cachedPin.clear();
     });
 }
@@ -1952,7 +1956,7 @@ std::pair<QByteArray, PKey> ClientSideEncryption::generateCSR(const AccountPtr &
     };
 
     int ret = 0;
-    int nVersion = 1;
+    int nVersion = 0; // X.509 certificate requests only support version 1
 
     // 2. set version of x509 req
     auto x509_req = X509_REQ_new();
@@ -2049,7 +2053,7 @@ void ClientSideEncryption::sendPublicKey(const AccountPtr &account)
     // Send public key to the server
     auto job = new StorePublicKeyApiJob(account, e2eeBaseUrl(account) + "public-key", this);
     job->setPublicKey(_encryptionCertificate.getCertificate().toPem());
-    connect(job, &StorePublicKeyApiJob::jsonReceived, [this, account](const QJsonDocument& doc, int retCode) {
+    connect(job, &StorePublicKeyApiJob::jsonReceived, job, [this, account](const QJsonDocument& doc, int retCode) {
         Q_UNUSED(doc);
         switch(retCode) {
         case 200:
@@ -2094,7 +2098,7 @@ void ClientSideEncryption::writeKeyPair(const AccountPtr &account,
     privateKeyJob->setInsecureFallback(false);
     privateKeyJob->setKey(privateKeyKeychainId);
     privateKeyJob->setBinaryData(bytearrayPrivateKey);
-    connect(privateKeyJob, &WritePasswordJob::finished, [keyPair = std::move(keyPair), publicKeyKeychainId, account, csrContent, this] (Job *incoming) mutable {
+    connect(privateKeyJob, &WritePasswordJob::finished, privateKeyJob, [keyPair = std::move(keyPair), publicKeyKeychainId, account, csrContent, this] (Job *incoming) mutable {
         if (incoming->error() != Error::NoError) {
             failedToInitialize(account);
             return;
@@ -2113,7 +2117,7 @@ void ClientSideEncryption::writeKeyPair(const AccountPtr &account,
         publicKeyJob->setInsecureFallback(false);
         publicKeyJob->setKey(publicKeyKeychainId);
         publicKeyJob->setBinaryData(bytearrayPublicKey);
-        connect(publicKeyJob, &WritePasswordJob::finished, [account, keyPair = std::move(keyPair), csrContent, this](Job *incoming) mutable {
+        connect(publicKeyJob, &WritePasswordJob::finished, publicKeyJob, [account, keyPair = std::move(keyPair), csrContent, this](Job *incoming) mutable {
             if (incoming->error() != Error::NoError) {
                 failedToInitialize(account);
                 return;
diff --git a/src/libsync/foldermetadata.cpp b/src/libsync/foldermetadata.cpp
index b0a3011a1c..0897e25131 100644
--- a/src/libsync/foldermetadata.cpp
+++ b/src/libsync/foldermetadata.cpp
@@ -42,7 +42,10 @@ const auto metadataKeySize = 16;
 
 QString metadataStringFromOCsDocument(const QJsonDocument &ocsDoc)
 {
-    return ocsDoc.object()["ocs"].toObject()["data"].toObject()["meta-data"].toString();
+    const auto &ocsDocObj = ocsDoc.object();
+    const auto &ocsObj = ocsDocObj["ocs"].toObject();
+    const auto &dataObj = ocsObj["data"].toObject();
+    return dataObj["meta-data"].toString();
 }
 }
 
@@ -193,9 +196,10 @@ void FolderMetadata::setupExistingMetadata(const QByteArray &metadata)
         return;
     }
 
-    const auto metadataObj = metaDataDoc.object()[metadataJsonKey].toObject();
+    const auto &metaDataObj = metaDataDoc.object();
+    const auto &metadataObj = metaDataObj[metadataJsonKey].toObject();
     _metadataNonce = QByteArray::fromBase64(metadataObj[nonceKey].toString().toLocal8Bit());
-    const auto cipherTextEncrypted = metadataObj[cipherTextKey].toString().toLocal8Bit();
+    const auto &cipherTextEncrypted = metadataObj[cipherTextKey].toString().toLocal8Bit();
 
     // for compatibility, the format is "cipheredpart|initializationVector", so we need to extract the "cipheredpart"
     const auto cipherTextPartExtracted = cipherTextEncrypted.split('|').at(0);
@@ -228,10 +232,11 @@ void FolderMetadata::setupExistingMetadata(const QByteArray &metadata)
         return;
     }
 
-    const auto files = cipherTextDocument.object()[filesKey].toObject();
-    const auto folders = cipherTextDocument.object()[foldersKey].toObject();
+    const auto &cipherTextObj = cipherTextDocument.object();
+    const auto &files = cipherTextObj[filesKey].toObject();
+    const auto &folders = cipherTextObj[foldersKey].toObject();
 
-    const auto counterVariantFromJson = cipherTextDocument.object().value(counterKey).toVariant();
+    const auto counterVariantFromJson = cipherTextObj.value(counterKey).toVariant();
     if (counterVariantFromJson.isValid() && counterVariantFromJson.canConvert<quint64>()) {
         // TODO: We need to check counter: new counter must be greater than locally stored counter
         // What does that mean? We store the counter in metadata, should we now store it in local database as we do for all file records in SyncJournal?
@@ -263,14 +268,15 @@ void FolderMetadata::setupExistingMetadataLegacy(const QByteArray &metadata)
     const auto doc = QJsonDocument::fromJson(metadata);
     qCDebug(lcCseMetadata()) << "Setting up legacy existing metadata version" << _existingMetadataVersion << doc.toJson(QJsonDocument::Compact);
 
-    const auto metaDataStr = metadataStringFromOCsDocument(doc);
-    const auto metaDataDoc = QJsonDocument::fromJson(metaDataStr.toLocal8Bit());
-    const auto metadataObj = metaDataDoc.object()[metadataJsonKey].toObject();
+    const auto &metaDataStr = metadataStringFromOCsDocument(doc);
+    const auto &metaDataDoc = QJsonDocument::fromJson(metaDataStr.toLocal8Bit());
+    const auto &metaDataObj = metaDataDoc.object();
+    const auto &fullMetaDataObj = metaDataObj[metadataJsonKey].toObject();
 
     // we will use metadata key from metadata to decrypt legacy metadata, so let's clear the decryption key if any provided by top-level folder
     _metadataKeyForDecryption.clear();
 
-    const auto metadataKeyFromJson = metadataObj[metadataKeyKey].toString().toLocal8Bit();
+    const auto metadataKeyFromJson = fullMetaDataObj[metadataKeyKey].toString().toLocal8Bit();
     if (!metadataKeyFromJson.isEmpty()) {
         // parse version 1.1 and 1.2 (both must have a single "metadataKey"), not "metadataKeys" as 1.0
         const auto decryptedMetadataKeyBase64 = decryptDataWithPrivateKey(metadataKeyFromJson);
@@ -284,14 +290,15 @@ void FolderMetadata::setupExistingMetadataLegacy(const QByteArray &metadata)
         // parse version 1.0 (before security-vulnerability fix for metadata keys was released
         qCDebug(lcCseMetadata()) << "Migrating from" << _existingMetadataVersion << "to"
                                  << latestSupportedMetadataVersion();
-        const auto metadataKeys = metadataObj["metadataKeys"].toObject();
+        const auto metadataKeys = fullMetaDataObj["metadataKeys"].toObject();
         if (metadataKeys.isEmpty()) {
             qCWarning(lcCseMetadata()) << "Could not migrate. No metadata keys found!";
             _account->reportClientStatus(OCC::ClientStatusReportingStatus::E2EeError_GeneralError);
             return;
         }
 
-        const auto lastMetadataKeyFromJson = metadataKeys.keys().last().toLocal8Bit();
+        const auto &allKeys = metadataKeys.keys();
+        const auto &lastMetadataKeyFromJson = allKeys.last().toLocal8Bit();
         if (!lastMetadataKeyFromJson.isEmpty()) {
             const auto lastMetadataKeyValueFromJson = metadataKeys.value(lastMetadataKeyFromJson).toString().toLocal8Bit();
             if (!lastMetadataKeyValueFromJson.isEmpty()) {
@@ -313,12 +320,11 @@ void FolderMetadata::setupExistingMetadataLegacy(const QByteArray &metadata)
         _metadataKeyForEncryption = metadataKeyForDecryption();
     }
 
-    const auto sharing = metadataObj["sharing"].toString().toLocal8Bit();
-    const auto files = metaDataDoc.object()[filesKey].toObject();
-    const auto metadataKey = metaDataDoc.object()[metadataJsonKey].toObject()[metadataKeyKey].toString().toUtf8();
-    const auto metadataKeyChecksum = metaDataDoc.object()[metadataJsonKey].toObject()["checksum"].toString().toUtf8();
+    const auto &files = metaDataObj[filesKey].toObject();
+    const auto &metadataKey = metaDataObj[metadataJsonKey].toObject()[metadataKeyKey].toString().toUtf8();
+    const auto &metadataKeyChecksum = metaDataObj[metadataJsonKey].toObject()["checksum"].toString().toUtf8();
 
-    setFileDrop(metaDataDoc.object().value("filedrop").toObject());
+    setFileDrop(metaDataObj.value("filedrop").toObject());
     // for unit tests
     _fileDropFromServer = _fileDrop;
 
@@ -373,10 +379,10 @@ void FolderMetadata::setupExistingMetadataLegacy(const QByteArray &metadata)
 
 void FolderMetadata::setupVersionFromExistingMetadata(const QByteArray &metadata)
 {
-    const auto doc = QJsonDocument::fromJson(metadata);
-    const auto metaDataStr = metadataStringFromOCsDocument(doc);
-    const auto metaDataDoc = QJsonDocument::fromJson(metaDataStr.toLocal8Bit());
-    const auto metadataObj = metaDataDoc.object()[metadataJsonKey].toObject();
+    const auto &doc = QJsonDocument::fromJson(metadata);
+    const auto &metaDataStr = metadataStringFromOCsDocument(doc);
+    const auto &metaDataDoc = QJsonDocument::fromJson(metaDataStr.toLocal8Bit()).object();
+    const auto &metadataObj = metaDataDoc[metadataJsonKey].toObject();
 
     QString versionStringFromMetadata;
 
@@ -388,8 +394,8 @@ void FolderMetadata::setupVersionFromExistingMetadata(const QByteArray &metadata
             versionStringFromMetadata = QString::number(metadataVersionValue.toDouble(), 'f', 1);
         }
     }
-    else if (metaDataDoc.object().contains(versionKey)) {
-        const auto metadataVersionValue = metaDataDoc.object()[versionKey].toVariant();
+    else if (metaDataDoc.contains(versionKey)) {
+        const auto metadataVersionValue = metaDataDoc[versionKey].toVariant();
         if (metadataVersionValue.metaType() == QMetaType(QMetaType::QString)) {
             versionStringFromMetadata = metadataVersionValue.toString();
         } else if (metadataVersionValue.metaType() == QMetaType(QMetaType::Double)) {
@@ -566,8 +572,6 @@ void FolderMetadata::initEmptyMetadataLegacy()
 {
     _metadataKeyForEncryption = EncryptionHelper::generateRandom(metadataKeySize);
     _metadataKeyForDecryption = _metadataKeyForEncryption;
-    QString publicKey = _account->e2e()->getPublicKey().toPem().toBase64();
-    QString displayName = _account->displayName();
 
     _isMetadataValid = true;
 
@@ -771,8 +775,8 @@ FolderMetadata::MetadataVersion FolderMetadata::latestSupportedMetadataVersion()
 
 bool FolderMetadata::parseFileDropPart(const QJsonDocument &doc)
 {
-    const auto fileDropObject = doc.object().value(filedropKey).toObject();
-    const auto fileDropMap = fileDropObject.toVariantMap();
+    const auto &fileDropObject = doc.object().value(filedropKey).toObject();
+    const auto &fileDropMap = fileDropObject.toVariantMap();
 
     for (auto it = std::cbegin(fileDropMap); it != std::cend(fileDropMap); ++it) {
         const auto fileDropEntryParsed = it.value().toMap();