diff --git a/clientapi/admin_test.go b/clientapi/admin_test.go
index 02e89649..160fe8f3 100644
--- a/clientapi/admin_test.go
+++ b/clientapi/admin_test.go
@@ -1561,16 +1561,19 @@ func TestAdminCheckUsernameAvailable(t *testing.T) {
 					t.Fatalf("expected http status %d, got %d: %s", http.StatusOK, rec.Code, rec.Body.String())
 				}
 
+				// Nothing more to check, test is done.
 				if tc.wantOK {
-					b := make(map[string]bool, 1)
-					_ = json.NewDecoder(rec.Body).Decode(&b)
-					available, ok := b["available"]
-					if !ok {
-						t.Fatal("'available' not found in body")
-					}
-					if available != tc.isAvailable {
-						t.Fatalf("expected 'available' to be %t, got %t instead", tc.isAvailable, available)
-					}
+					return
+				}
+
+				b := make(map[string]bool, 1)
+				_ = json.NewDecoder(rec.Body).Decode(&b)
+				available, ok := b["available"]
+				if !ok {
+					t.Fatal("'available' not found in body")
+				}
+				if available != tc.isAvailable {
+					t.Fatalf("expected 'available' to be %t, got %t instead", tc.isAvailable, available)
 				}
 			})
 		}
@@ -2311,7 +2314,7 @@ func TestAdminRetrieveAccount(t *testing.T) {
 		}
 
 		for _, tc := range testCase {
-			t.Run("Retrieve existing account", func(t *testing.T) {
+			t.Run(tc.Name, func(t *testing.T) {
 				req := test.NewRequest(t, http.MethodGet, "/_synapse/admin/v2/users/"+tc.User.ID)
 				req.Header.Set("Authorization", "Bearer "+adminToken)
 
diff --git a/clientapi/routing/admin.go b/clientapi/routing/admin.go
index 7cc03ebe..79494d8f 100644
--- a/clientapi/routing/admin.go
+++ b/clientapi/routing/admin.go
@@ -560,26 +560,24 @@ func AdminUserDeviceRetrieveCreate(
 		}
 
 		userDeviceExists := false
-		{
-			var rs api.QueryDevicesResponse
-			if err = userAPI.QueryDevices(req.Context(), &api.QueryDevicesRequest{UserID: userID}, &rs); err != nil {
-				logger.WithError(err).Error("QueryDevices")
-				return util.JSONResponse{
-					Code: http.StatusInternalServerError,
-					JSON: spec.InternalServerError{},
-				}
+		var rs api.QueryDevicesResponse
+		if err = userAPI.QueryDevices(req.Context(), &api.QueryDevicesRequest{UserID: userID}, &rs); err != nil {
+			logger.WithError(err).Error("QueryDevices")
+			return util.JSONResponse{
+				Code: http.StatusInternalServerError,
+				JSON: spec.InternalServerError{},
 			}
-			if !rs.UserExists {
-				return util.JSONResponse{
-					Code: http.StatusNotFound,
-					JSON: spec.NotFound("Given user ID does not exist"),
-				}
+		}
+		if !rs.UserExists {
+			return util.JSONResponse{
+				Code: http.StatusNotFound,
+				JSON: spec.NotFound("Given user ID does not exist"),
 			}
-			for i := range rs.Devices {
-				if d := rs.Devices[i]; d.ID == payload.DeviceID && d.UserID == userID {
-					userDeviceExists = true
-					break
-				}
+		}
+		for i := range rs.Devices {
+			if d := rs.Devices[i]; d.ID == payload.DeviceID && d.UserID == userID {
+				userDeviceExists = true
+				break
 			}
 		}
 
diff --git a/clientapi/routing/register.go b/clientapi/routing/register.go
index da43a6b0..8fbebf1b 100644
--- a/clientapi/routing/register.go
+++ b/clientapi/routing/register.go
@@ -128,11 +128,11 @@ func (d *sessionsDict) deleteSession(sessionID string) {
 func (d *sessionsDict) allowCrossSigningKeysReplacement(userID string) int64 {
 	d.Lock()
 	defer d.Unlock()
-	ts := time.Now().Add(crossSigningKeysReplacementDuration).UnixMilli()
+	allowedUntilTS := time.Now().Add(crossSigningKeysReplacementDuration).UnixMilli()
 	t, ok := d.crossSigningKeysReplacement[userID]
 	if ok {
 		t.Reset(crossSigningKeysReplacementDuration)
-		return ts
+		return allowedUntilTS
 	}
 	d.crossSigningKeysReplacement[userID] = time.AfterFunc(
 		crossSigningKeysReplacementDuration,
@@ -140,7 +140,7 @@ func (d *sessionsDict) allowCrossSigningKeysReplacement(userID string) int64 {
 			d.restrictCrossSigningKeysReplacement(userID)
 		},
 	)
-	return ts
+	return allowedUntilTS
 }
 
 func (d *sessionsDict) isCrossSigningKeysReplacementAllowed(userID string) bool {
diff --git a/clientapi/routing/routing.go b/clientapi/routing/routing.go
index 15a5addf..65465c58 100644
--- a/clientapi/routing/routing.go
+++ b/clientapi/routing/routing.go
@@ -349,14 +349,10 @@ func Setup(
 			})).Methods(http.MethodPost)
 		synapseAdminRouter.Handle("/admin/v2/users/{userID}",
 			httputil.MakeServiceAdminAPI("admin_manage_user", m.AdminToken, func(r *http.Request) util.JSONResponse {
-				switch r.Method {
-				case http.MethodGet:
+				if r.Method == http.MethodGet {
 					return AdminRetrieveAccount(r, cfg, userAPI)
-				case http.MethodPut:
-					return AdminCreateOrModifyAccount(r, userAPI, cfg)
-				default:
-					return util.JSONResponse{Code: http.StatusMethodNotAllowed, JSON: nil}
 				}
+				return AdminCreateOrModifyAccount(r, userAPI, cfg)
 			})).Methods(http.MethodPut, http.MethodGet)
 		synapseAdminRouter.Handle("/admin/v2/users/{userID}/devices",
 			httputil.MakeServiceAdminAPI("admin_create_retrieve_user_devices", m.AdminToken, func(r *http.Request) util.JSONResponse {
diff --git a/internal/httputil/httpapi.go b/internal/httputil/httpapi.go
index 65a2db2e..7eee0d69 100644
--- a/internal/httputil/httpapi.go
+++ b/internal/httputil/httpapi.go
@@ -163,7 +163,7 @@ func MakeServiceAdminAPI(
 			}
 		}
 		if token != serviceToken {
-			logger.Debugf("Invalid service token '%s'", token)
+			logger.Debug("Invalid service token")
 			return util.JSONResponse{
 				Code: http.StatusForbidden,
 				JSON: spec.UnknownToken(token),
diff --git a/setup/monolith.go b/setup/monolith.go
index 8d8fadc9..7dd67705 100644
--- a/setup/monolith.go
+++ b/setup/monolith.go
@@ -51,7 +51,7 @@ type Monolith struct {
 	ExtPublicRoomsProvider   api.ExtraPublicRoomsProvider
 	ExtUserDirectoryProvider userapi.QuerySearchProfilesAPI
 
-	UserVerifierProvider *UserVerifierProvider
+	UserVerifierProvider httputil.UserVerifier
 }
 
 // AddAllPublicRoutes attaches all public paths to the given router