From 62703f32d1f1f46607d0b971bcb1eb9fd5fa7a78 Mon Sep 17 00:00:00 2001
From: Christy Henriksson <chenriks@microsoft.com>
Date: Thu, 15 Feb 2018 11:45:50 -0800
Subject: [PATCH] Fix org confirmation link and other fixes (#5427)

---
 src/NuGetGallery/App_Code/ViewHelpers.cshtml  | 44 +++++++++----
 src/NuGetGallery/App_Start/Routes.cs          |  2 +-
 .../Controllers/AccountsController.cs         | 22 ++++---
 .../Controllers/OrganizationsController.cs    | 14 +++++
 .../Controllers/UsersController.cs            | 14 +++++
 src/NuGetGallery/NuGetGallery.csproj          |  2 +-
 .../gallery/page-manage-organization.js       | 11 +++-
 .../Services/ActionsRequiringPermissions.cs   |  7 +++
 src/NuGetGallery/UrlExtensions.cs             | 17 ++++-
 .../ViewModels/AccountViewModel.cs            |  2 +
 .../_OrganizationAccountManageMembers.cshtml  | 63 +++++++++++--------
 .../Views/{Users => Shared}/Confirm.cshtml    |  0
 .../Views/Shared/_AccountChangeEmail.cshtml   |  3 +-
 .../Shared/_AccountChangeNotifications.cshtml |  3 +-
 .../Shared/_AccountProfilePicture.cshtml      |  3 +-
 .../Views/Users/Organizations.cshtml          |  9 +--
 src/NuGetGallery/Views/Users/Transform.cshtml |  2 +-
 .../Controllers/AccountsControllerFacts.cs    |  4 +-
 .../OrganizationsControllerFacts.cs           |  8 +--
 .../ClientTelemetryPIIProcessorTests.cs       |  2 +-
 20 files changed, 163 insertions(+), 69 deletions(-)
 rename src/NuGetGallery/Views/{Users => Shared}/Confirm.cshtml (100%)

diff --git a/src/NuGetGallery/App_Code/ViewHelpers.cshtml b/src/NuGetGallery/App_Code/ViewHelpers.cshtml
index 9ab9e75de4..7831577342 100644
--- a/src/NuGetGallery/App_Code/ViewHelpers.cshtml
+++ b/src/NuGetGallery/App_Code/ViewHelpers.cshtml
@@ -495,7 +495,9 @@ var hlp = new AccordionHelper(name, formModelStatePrefix, expanded, page);
         Func<MvcHtmlString, HelperResult> content,
         bool expanded = true,
         string expandedIcon = "ChevronDown",
-        string collapsedIcon = "ChevronRight")
+        string collapsedIcon = "ChevronRight",
+        string disabledIcon = "Lock",
+        bool disabled = false)
 {
     @Section(viewPage,
         id,
@@ -515,29 +517,45 @@ var hlp = new AccordionHelper(name, formModelStatePrefix, expanded, page);
             Func<MvcHtmlString, HelperResult> content,
             bool expanded = false,
             string expandedIcon = "ChevronDown",
-            string collapsedIcon = "ChevronRight")
+            string collapsedIcon = "ChevronRight",
+            string disabledIcon = "Lock",
+            bool disabled = false)
 {
-    AddSection(viewPage.ViewBag, id);
+    if (!disabled)
+    {
+        AddSection(viewPage.ViewBag, id);
+    }
 
     <div class="clearfix">
         <div class="form-section-title">
             <h2>
-                <a href="#" role="button" data-toggle="collapse" data-target="#@id-container"
-                    aria-expanded="@expanded" aria-controls="@id-container" id="show-@id-container">
-                    <i class="ms-Icon ms-Icon--@(expanded ? expandedIcon : collapsedIcon)"
-                        aria-hidden="@(expanded ? "false" : "true")"></i>
+                @if (!disabled)
+                {
+                    <a href="#" role="button" data-toggle="collapse" data-target="#@id-container"
+                        aria-expanded="@expanded" aria-controls="@id-container" id="show-@id-container">
+                        <i class="ms-Icon ms-Icon--@(expanded ? expandedIcon : collapsedIcon)"
+                            aria-hidden="@(expanded ? "false" : "true")"></i>
+                        <span>@title(MvcHtmlString.Empty)</span>
+                    </a>
+                }
+                else
+                {
+                    <i class="ms-Icon ms-Icon--@disabledIcon" aria-hidden="true"></i>
                     <span>@title(MvcHtmlString.Empty)</span>
-                </a>
+                }
             </h2>
         </div>
         <div class="form-section-data">
             @data(MvcHtmlString.Empty)
         </div>
     </div>
-    <div class="panel panel-default panel-collapse collapse @(expanded ? "in" : string.Empty)"
-            aria-expanded="@(expanded ? "true" : "false")" id="@id-container">
-        <div class="panel-body">
-            @content(MvcHtmlString.Empty)
+    if (!disabled)
+    {
+        <div class="panel panel-default panel-collapse collapse @(expanded ? "in" : string.Empty)"
+                aria-expanded="@(expanded ? "true" : "false")" id="@id-container">
+            <div class="panel-body">
+                @content(MvcHtmlString.Empty)
+            </div>
         </div>
-    </div>
+    }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/App_Start/Routes.cs b/src/NuGetGallery/App_Start/Routes.cs
index cf63407109..2722ea5b20 100644
--- a/src/NuGetGallery/App_Start/Routes.cs
+++ b/src/NuGetGallery/App_Start/Routes.cs
@@ -272,7 +272,7 @@ public static void RegisterUIRoutes(RouteCollection routes)
 
             routes.MapRoute(
                 RouteName.ConfirmAccount,
-                "account/confirm/{username}/{token}",
+                "account/confirm/{accountName}/{token}",
                 new { controller = "Users", action = "Confirm" },
                 new RouteExtensions.ObfuscatedMetadata(2, Obfuscator.DefaultTelemetryUserName));
             
diff --git a/src/NuGetGallery/Controllers/AccountsController.cs b/src/NuGetGallery/Controllers/AccountsController.cs
index b0f54a31f0..5f581ace99 100644
--- a/src/NuGetGallery/Controllers/AccountsController.cs
+++ b/src/NuGetGallery/Controllers/AccountsController.cs
@@ -84,15 +84,13 @@ public virtual ActionResult ConfirmationRequiredPost(string accountName = null)
             {
                 return new HttpStatusCodeResult(HttpStatusCode.Forbidden, Strings.Unauthorized);
             }
-
-            var confirmationUrl = Url.ConfirmEmail(account.Username, account.EmailConfirmationToken, relativeUrl: false);
-
+            
             var alreadyConfirmed = account.UnconfirmedEmailAddress == null;
 
             ConfirmationViewModel model;
             if (!alreadyConfirmed)
             {
-                MessageService.SendNewAccountEmail(new MailAddress(account.UnconfirmedEmailAddress, account.Username), confirmationUrl);
+                SendNewAccountEmail(account);
 
                 model = new ConfirmationViewModel(account)
                 {
@@ -106,14 +104,16 @@ public virtual ActionResult ConfirmationRequiredPost(string accountName = null)
             return View(model);
         }
 
+        protected abstract void SendNewAccountEmail(User account);
+
         [UIAuthorize(allowDiscontinuedLogins: true)]
-        public virtual async Task<ActionResult> Confirm(string username, string token)
+        public virtual async Task<ActionResult> Confirm(string accountName, string token)
         {
             // We don't want Login to go to this page as a return URL
             // By having this value present in the dictionary BUT null, we don't put "returnUrl" on the Login link at all
             ViewData[Constants.ReturnUrlViewDataKey] = null;
 
-            var account = GetAccount(username);
+            var account = GetAccount(accountName);
 
             if (account == null
                 || ActionsRequiringPermissions.ManageAccount.CheckPermissions(GetCurrentUser(), account)
@@ -236,8 +236,7 @@ public virtual async Task<ActionResult> ChangeEmail(TAccountViewModel model)
 
             if (account.Confirmed)
             {
-                var confirmationUrl = Url.ConfirmEmail(account.Username, account.EmailConfirmationToken, relativeUrl: false);
-                MessageService.SendEmailChangeConfirmationNotice(new MailAddress(account.UnconfirmedEmailAddress, account.Username), confirmationUrl);
+                SendEmailChangedConfirmationNotice(account);
 
                 TempData["Message"] = Messages.EmailUpdatedWithConfirmationRequired;
             }
@@ -249,6 +248,8 @@ public virtual async Task<ActionResult> ChangeEmail(TAccountViewModel model)
             return RedirectToAction(AccountAction);
         }
 
+        protected abstract void SendEmailChangedConfirmationNotice(User account);
+
         [HttpPost]
         [UIAuthorize]
         [ValidateAntiForgeryToken]
@@ -283,7 +284,7 @@ protected virtual TUser GetAccount(string accountName)
         protected virtual ActionResult AccountView(TUser account, TAccountViewModel model = null)
         {
             if (account == null
-                || ActionsRequiringPermissions.ManageAccount.CheckPermissions(GetCurrentUser(), account)
+                || ActionsRequiringPermissions.ViewAccount.CheckPermissions(GetCurrentUser(), account)
                     != PermissionsCheckResult.Allowed)
             {
                 return new HttpStatusCodeResult(HttpStatusCode.Forbidden, Strings.Unauthorized);
@@ -301,6 +302,9 @@ protected virtual void UpdateAccountViewModel(TUser account, TAccountViewModel m
             model.Account = account;
             model.AccountName = account.Username;
 
+            model.CanManage = ActionsRequiringPermissions.ManageAccount.CheckPermissions(
+                GetCurrentUser(), account) == PermissionsCheckResult.Allowed;
+
             model.CuratedFeeds = CuratedFeedService
                 .GetFeedsForManager(account.Key)
                 .Select(f => f.Name)
diff --git a/src/NuGetGallery/Controllers/OrganizationsController.cs b/src/NuGetGallery/Controllers/OrganizationsController.cs
index 914ff58dd6..b0a7a418d3 100644
--- a/src/NuGetGallery/Controllers/OrganizationsController.cs
+++ b/src/NuGetGallery/Controllers/OrganizationsController.cs
@@ -3,6 +3,7 @@
 
 using System.Linq;
 using System.Net;
+using System.Net.Mail;
 using System.Threading.Tasks;
 using System.Web.Mvc;
 using NuGetGallery.Authentication;
@@ -33,6 +34,19 @@ public OrganizationsController(
             EmailUpdatedWithConfirmationRequired = Strings.OrganizationEmailUpdatedWithConfirmationRequired
         };
 
+        protected override void SendNewAccountEmail(User account)
+        {
+            var confirmationUrl = Url.ConfirmOrganizationEmail(account.Username, account.EmailConfirmationToken, relativeUrl: false);
+
+            MessageService.SendNewAccountEmail(new MailAddress(account.UnconfirmedEmailAddress, account.Username), confirmationUrl);
+        }
+
+        protected override void SendEmailChangedConfirmationNotice(User account)
+        {
+            var confirmationUrl = Url.ConfirmOrganizationEmail(account.Username, account.EmailConfirmationToken, relativeUrl: false);
+            MessageService.SendEmailChangeConfirmationNotice(new MailAddress(account.UnconfirmedEmailAddress, account.Username), confirmationUrl);
+        }
+
         [HttpGet]
         [UIAuthorize]
         public virtual ActionResult ManageOrganization(string accountName)
diff --git a/src/NuGetGallery/Controllers/UsersController.cs b/src/NuGetGallery/Controllers/UsersController.cs
index be05fcde87..09b9cb63a2 100644
--- a/src/NuGetGallery/Controllers/UsersController.cs
+++ b/src/NuGetGallery/Controllers/UsersController.cs
@@ -6,6 +6,7 @@
 using System.Globalization;
 using System.Linq;
 using System.Net;
+using System.Net.Mail;
 using System.Threading.Tasks;
 using System.Web.Mvc;
 using NuGetGallery.Areas.Admin;
@@ -60,6 +61,19 @@ public UsersController(
             EmailUpdatedWithConfirmationRequired = Strings.UserEmailUpdatedWithConfirmationRequired
         };
 
+        protected override void SendNewAccountEmail(User account)
+        {
+            var confirmationUrl = Url.ConfirmEmail(account.Username, account.EmailConfirmationToken, relativeUrl: false);
+
+            MessageService.SendNewAccountEmail(new MailAddress(account.UnconfirmedEmailAddress, account.Username), confirmationUrl);
+        }
+
+        protected override void SendEmailChangedConfirmationNotice(User account)
+        {
+            var confirmationUrl = Url.ConfirmEmail(account.Username, account.EmailConfirmationToken, relativeUrl: false);
+            MessageService.SendEmailChangeConfirmationNotice(new MailAddress(account.UnconfirmedEmailAddress, account.Username), confirmationUrl);
+        }
+
         protected override User GetAccount(string accountName)
         {
             var currentUser = GetCurrentUser();
diff --git a/src/NuGetGallery/NuGetGallery.csproj b/src/NuGetGallery/NuGetGallery.csproj
index 97c1e6f93d..1006065845 100644
--- a/src/NuGetGallery/NuGetGallery.csproj
+++ b/src/NuGetGallery/NuGetGallery.csproj
@@ -2175,7 +2175,7 @@
     <Content Include="Views\web.config" />
     <Content Include="Views\_ViewStart.cshtml" />
     <Content Include="Views\Errors\InternalError.cshtml" />
-    <Content Include="Views\Users\Confirm.cshtml" />
+    <Content Include="Views\Shared\Confirm.cshtml" />
     <Content Include="Views\Users\Thanks.cshtml" />
     <Content Include="Views\Users\Profiles.cshtml" />
     <Content Include="Views\Authentication\Register.cshtml" />
diff --git a/src/NuGetGallery/Scripts/gallery/page-manage-organization.js b/src/NuGetGallery/Scripts/gallery/page-manage-organization.js
index 11a0af64bd..33274555b0 100644
--- a/src/NuGetGallery/Scripts/gallery/page-manage-organization.js
+++ b/src/NuGetGallery/Scripts/gallery/page-manage-organization.js
@@ -77,6 +77,9 @@
                     success: function () {
                         parent.Error(null);
                         parent.Members.remove(self);
+                        if (self.IsCurrentUser) {
+                            document.location.href = "/";
+                        }
                     },
                     error: function (jqXHR, textStatus, errorThrown) {
                         var error = "Unknown error when trying to delete member '" + self.Username + "'.";
@@ -93,7 +96,7 @@
                 var data = {
                     accountName: self.OrganizationViewModel.AccountName,
                     memberName: self.Username,
-                    isAdmin: self.IsAdmin()
+                    isAdmin: self.IsAdmin(),
                 };
                 addAntiForgeryToken(data);
 
@@ -103,9 +106,12 @@
                     type: 'POST',
                     dataType: 'json',
                     data: data,
-                    success: function () {
+                    success: function (data) {
                         parent.Error(null);
                         parent.UpdateMemberCounts();
+                        if (self.IsCurrentUser) {
+                            window.location.reload();
+                        }
                     },
                     error: function (jqXHR, textStatus, errorThrown) {
                         var error = "Unknown error when trying to update member '" + self.Username + "'.";
@@ -113,6 +119,7 @@
                             error = jqXHR.responseJSON;
                         }
                         parent.Error(error);
+                        self.IsAdmin(!self.IsAdmin())
                     }
                 });
             };
diff --git a/src/NuGetGallery/Services/ActionsRequiringPermissions.cs b/src/NuGetGallery/Services/ActionsRequiringPermissions.cs
index e67fda9e2e..e36bf46b83 100644
--- a/src/NuGetGallery/Services/ActionsRequiringPermissions.cs
+++ b/src/NuGetGallery/Services/ActionsRequiringPermissions.cs
@@ -94,5 +94,12 @@ public static class ActionsRequiringPermissions
         public static ActionRequiringAccountPermissions ManageAccount =
             new ActionRequiringAccountPermissions(
                 accountPermissionsRequirement: RequireOwnerOrOrganizationAdmin);
+
+        /// <summary>
+        /// The action of viewing (read-only) a user or organization account.
+        /// </summary>
+        public static ActionRequiringAccountPermissions ViewAccount =
+            new ActionRequiringAccountPermissions(
+                accountPermissionsRequirement: RequireOwnerOrOrganizationMember);
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/UrlExtensions.cs b/src/NuGetGallery/UrlExtensions.cs
index b1e3ae4ae3..879422e2a3 100644
--- a/src/NuGetGallery/UrlExtensions.cs
+++ b/src/NuGetGallery/UrlExtensions.cs
@@ -924,13 +924,28 @@ public static string ConfirmEmail(
         {
             var routeValues = new RouteValueDictionary
             {
-                ["username"] = username,
+                ["accountName"] = username,
                 ["token"] = token
             };
 
             return GetActionLink(url, "Confirm", "Users", relativeUrl, routeValues);
         }
 
+        public static string ConfirmOrganizationEmail(
+            this UrlHelper url,
+            string username,
+            string token,
+            bool relativeUrl = true)
+        {
+            var routeValues = new RouteValueDictionary
+            {
+                ["accountName"] = username,
+                ["token"] = token
+            };
+
+            return GetActionLink(url, "Confirm", "Organizations", relativeUrl, routeValues);
+        }
+
         public static string ResetEmailOrPassword(
             this UrlHelper url,
             string username,
diff --git a/src/NuGetGallery/ViewModels/AccountViewModel.cs b/src/NuGetGallery/ViewModels/AccountViewModel.cs
index 682faddd84..d5d5ac31ce 100644
--- a/src/NuGetGallery/ViewModels/AccountViewModel.cs
+++ b/src/NuGetGallery/ViewModels/AccountViewModel.cs
@@ -19,6 +19,8 @@ public bool IsOrganization
 
         public string AccountName { get; set; }
 
+        public bool CanManage { get; set; }
+
         public IList<string> CuratedFeeds { get; set; }
 
         public ChangeEmailViewModel ChangeEmail { get; set; }
diff --git a/src/NuGetGallery/Views/Organizations/_OrganizationAccountManageMembers.cshtml b/src/NuGetGallery/Views/Organizations/_OrganizationAccountManageMembers.cshtml
index 912293f75a..93199de291 100644
--- a/src/NuGetGallery/Views/Organizations/_OrganizationAccountManageMembers.cshtml
+++ b/src/NuGetGallery/Views/Organizations/_OrganizationAccountManageMembers.cshtml
@@ -24,20 +24,23 @@
 <script type="text/html" id="manage-members">
     <div class="col-md-12">
         <div class="panel-collapse collapse in" aria-expanded="true">
-            <div class="input-group col-md-12">
-                <div class="col-md-6">
-                    <input class="form-control" placeholder="Add existing NuGet.org user" data-bind="textInput: NewMemberUsername, submit: AddMember" aria-label="Enter username to add member" />
-                </div>
-                <div class="col-md-6">
-                    <select class="form-control col-md-2" data-bind="value: AddMemberRole, options: RoleNames" aria-label="Select new member role">
-                    </select>
-                </div>
-                <span class="input-group-btn">
-                    <button class="btn" type="submit" title="Add new member" name="Add new member" aria-label="Add" data-bind="click: AddMember">
-                        <span class="ms-Icon ms-Icon--AddFriend" aria-hidden="true"></span>
-                    </button>
-                </span>
-            </div><br />
+            @if (Model.CanManage)
+            {
+                <div class="input-group col-md-12">
+                    <div class="col-md-6">
+                        <input class="form-control" placeholder="Add existing NuGet.org user" data-bind="textInput: NewMemberUsername, submit: AddMember" aria-label="Enter username to add member"  />
+                    </div>
+                    <div class="col-md-6">
+                        <select class="form-control col-md-2" data-bind="value: AddMemberRole, options: RoleNames" aria-label="Select new member role">
+                        </select>
+                    </div>
+                    <span class="input-group-btn">
+                        <button class="btn" type="submit" title="Add new member" aria-label="Add new member" data-bind="click: AddMember">
+                            <span class="ms-Icon ms-Icon--AddFriend" aria-hidden="true"></span>
+                        </button>
+                    </span>
+                </div><br />
+            }
             <table class="table">
                 <tbody data-bind="foreach: Members">
                     <tr class="manage-members-listing">
@@ -55,19 +58,27 @@
                             <div data-bind="text: EmailAddress"></div>
                         </td>
                         <td class="align-middle member-username">
-                            <select class="form-control" aria-label="Change member role"
-                                    data-bind="disable: IsCurrentUser, value: SelectedRole, options: OrganizationViewModel.RoleNames, event: { change: ToggleIsAdmin }">
-                            </select>
-                        </td>
-                        <td class="text-right align-middle member-controls">
-                            <!-- ko if: !IsCurrentUser -->
-                            <span>
-                                <a class="btn" data-bind="click: DeleteMember, attr: { 'aria-label': 'Delete Member' }">
-                                    <i class="ms-Icon ms-Icon--Cancel" aria-hidden="true"></i>
-                                </a>
-                            </span>
-                            <!-- /ko -->
+                            @if (Model.CanManage)
+                            {
+                                <select class="form-control" aria-label="Change member role"
+                                        data-bind="value: SelectedRole, options: OrganizationViewModel.RoleNames, event: { change: ToggleIsAdmin }">
+                                </select>
+                            }
+                            else
+                            {
+                                <span data-bind="text: SelectedRole()"></span>
+                            }
                         </td>
+                        @if (Model.CanManage)
+                        {
+                            <td class="text-right align-middle member-controls">
+                                <span>
+                                    <a class="btn" data-bind="click: DeleteMember, attr: { 'aria-label': 'Delete Member' }">
+                                        <i class="ms-Icon ms-Icon--Cancel" aria-hidden="true"></i>
+                                    </a>
+                                </span>
+                            </td>
+                        }
                     </tr>
                 </tbody>
             </table>
diff --git a/src/NuGetGallery/Views/Users/Confirm.cshtml b/src/NuGetGallery/Views/Shared/Confirm.cshtml
similarity index 100%
rename from src/NuGetGallery/Views/Users/Confirm.cshtml
rename to src/NuGetGallery/Views/Shared/Confirm.cshtml
diff --git a/src/NuGetGallery/Views/Shared/_AccountChangeEmail.cshtml b/src/NuGetGallery/Views/Shared/_AccountChangeEmail.cshtml
index 9da1e4f921..941b6bdbac 100644
--- a/src/NuGetGallery/Views/Shared/_AccountChangeEmail.cshtml
+++ b/src/NuGetGallery/Views/Shared/_AccountChangeEmail.cshtml
@@ -60,4 +60,5 @@
                 }
             }
          </text>,
-         ViewData.ModelState.Keys.Any(x => x.StartsWith("ChangeEmail")))
\ No newline at end of file
+         ViewData.ModelState.Keys.Any(x => x.StartsWith("ChangeEmail")),
+         disabled: !Model.CanManage)
\ No newline at end of file
diff --git a/src/NuGetGallery/Views/Shared/_AccountChangeNotifications.cshtml b/src/NuGetGallery/Views/Shared/_AccountChangeNotifications.cshtml
index 34c953a3e1..af025c94fb 100644
--- a/src/NuGetGallery/Views/Shared/_AccountChangeNotifications.cshtml
+++ b/src/NuGetGallery/Views/Shared/_AccountChangeNotifications.cshtml
@@ -86,4 +86,5 @@
                     </div>
                 </div>
             }
-        </text>)
\ No newline at end of file
+        </text>,
+        disabled: !Model.CanManage)
\ No newline at end of file
diff --git a/src/NuGetGallery/Views/Shared/_AccountProfilePicture.cshtml b/src/NuGetGallery/Views/Shared/_AccountProfilePicture.cshtml
index 42633c86d0..3348fe1c54 100644
--- a/src/NuGetGallery/Views/Shared/_AccountProfilePicture.cshtml
+++ b/src/NuGetGallery/Views/Shared/_AccountProfilePicture.cshtml
@@ -34,5 +34,6 @@
         @Html.Raw(string.Format(@ViewBag.GravatarProfileMessage,
              GravatarLink("gravatar.com"),
              GravatarLink("Go to gravatar.com")))
-    </text>)
+    </text>,
+    disabled: !Model.CanManage)
 
diff --git a/src/NuGetGallery/Views/Users/Organizations.cshtml b/src/NuGetGallery/Views/Users/Organizations.cshtml
index d6d88d920e..2f63c3a112 100644
--- a/src/NuGetGallery/Views/Users/Organizations.cshtml
+++ b/src/NuGetGallery/Views/Users/Organizations.cshtml
@@ -47,12 +47,9 @@
                                     @organization.PackagesCount
                                 </td>
                                 <td class="text-right align-middle package-controls">
-                                    @if (organization.CurrentUserIsAdmin)
-                                    {
-                                        <a class="btn" href="@Url.ManageMyOrganization(organization.Username)" title="Edit Organization" aria-label="@("Edit Organization " + organization.Username)">
-                                            <i class="ms-Icon ms-Icon--Edit" aria-hidden="true"></i>
-                                        </a>
-                                    }
+                                    <a class="btn" href="@Url.ManageMyOrganization(organization.Username)" title="Edit Organization" aria-label="@("Edit Organization " + organization.Username)">
+                                        <i class="ms-Icon ms-Icon--Edit" aria-hidden="true"></i>
+                                    </a>
                                 </td>
                             </tr>
                         </tbody>
diff --git a/src/NuGetGallery/Views/Users/Transform.cshtml b/src/NuGetGallery/Views/Users/Transform.cshtml
index 3e6bf12649..f5fd1a5bec 100644
--- a/src/NuGetGallery/Views/Users/Transform.cshtml
+++ b/src/NuGetGallery/Views/Users/Transform.cshtml
@@ -51,7 +51,7 @@
                             <input type="submit" class="btn btn-primary form-control" value="Transform" />
                         </div>
                         <div class="col-md-6">
-                            <a href="#" role="button" class="btn btn-default form-control" id="cancel-transform">
+                            <a href="/" role="button" class="btn btn-default form-control" id="cancel-transform">
                                 Cancel
                             </a>
                         </div>
diff --git a/tests/NuGetGallery.Facts/Controllers/AccountsControllerFacts.cs b/tests/NuGetGallery.Facts/Controllers/AccountsControllerFacts.cs
index 55d91238bd..207f2a8aa9 100644
--- a/tests/NuGetGallery.Facts/Controllers/AccountsControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Controllers/AccountsControllerFacts.cs
@@ -472,7 +472,9 @@ public virtual void WhenIsNotConfirmed_SendsEmail()
                 account.EmailAddress = null;
 
                 // Act
-                var confirmationUrl = TestUtility.GallerySiteRootHttps + $"account/confirm/{account.Username}/confirmation";
+                var confirmationUrl = (account is Organization)
+                    ? TestUtility.GallerySiteRootHttps + $"organization/{account.Username}/Confirm?token=confirmation"
+                    : TestUtility.GallerySiteRootHttps + $"account/confirm/{account.Username}/confirmation";
                 var result = InvokeConfirmationRequiredPost(controller, account, confirmationUrl);
 
                 // Assert
diff --git a/tests/NuGetGallery.Facts/Controllers/OrganizationsControllerFacts.cs b/tests/NuGetGallery.Facts/Controllers/OrganizationsControllerFacts.cs
index 563bbe0b57..aec6d9c7c4 100644
--- a/tests/NuGetGallery.Facts/Controllers/OrganizationsControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Controllers/OrganizationsControllerFacts.cs
@@ -28,7 +28,7 @@ protected override User GetCurrentUser(OrganizationsController controller)
             // Note general account tests are in the base class. Organization-specific tests are below.
 
             [Fact]
-            public void WhenCurrentUserIsCollaborator_ReturnsForbidden()
+            public void WhenCurrentUserIsCollaborator_ReturnsReadOnly()
             {
                 // Arrange
                 var controller = GetController();
@@ -36,11 +36,11 @@ public void WhenCurrentUserIsCollaborator_ReturnsForbidden()
                 controller.SetCurrentUser(Fakes.OrganizationCollaborator);
 
                 // Act
-                var result = InvokeAccount(controller) as HttpStatusCodeResult;
+                var result = InvokeAccount(controller);
 
                 // Assert
-                Assert.NotNull(result);
-                Assert.Equal((int)HttpStatusCode.Forbidden, result.StatusCode);
+                var model = ResultAssert.IsView<OrganizationAccountViewModel>(result, "ManageOrganization");
+                Assert.False(model.CanManage);
             }
 
             [Fact]
diff --git a/tests/NuGetGallery.Facts/Telemetry/ClientTelemetryPIIProcessorTests.cs b/tests/NuGetGallery.Facts/Telemetry/ClientTelemetryPIIProcessorTests.cs
index 85d53e541b..6d1787a143 100644
--- a/tests/NuGetGallery.Facts/Telemetry/ClientTelemetryPIIProcessorTests.cs
+++ b/tests/NuGetGallery.Facts/Telemetry/ClientTelemetryPIIProcessorTests.cs
@@ -147,7 +147,7 @@ public static IEnumerable<string[]> PIIUrlDataGenerator()
                 yield return new string[] { "packages/{id}/owners/{username}/reject/{token}", $"https://localhost/packages/pack1/owners/user1/reject/sometoken", $"https://localhost/packages/pack1/owners/ObfuscatedUserName/reject/sometoken" };
                 yield return new string[] { "packages/{id}/owners/{username}/cancel/{token}", $"https://localhost/packages/pack1/owners/user1/cancel/sometoken", $"https://localhost/packages/pack1/owners/ObfuscatedUserName/cancel/sometoken" };
 
-                yield return new string[] { "account/confirm/{username}/{token}", $"https://localhost/account/confirm/user1/sometoken", $"https://localhost/account/confirm/ObfuscatedUserName/sometoken" };
+                yield return new string[] { "account/confirm/{accountName}/{token}", $"https://localhost/account/confirm/user1/sometoken", $"https://localhost/account/confirm/ObfuscatedUserName/sometoken" };
                 yield return new string[] { "account/delete/{accountName}", "https://localhost/account/delete/user1", $"https://localhost/account/delete/ObfuscatedUserName" };
 
                 yield return new string[] { "profiles/{username}", $"https://localhost/profiles/user1", $"https://localhost/profiles/ObfuscatedUserName" };