Skip to content

Add Zumper/PadMapper to shared credentials #885

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add Zumper/PadMapper to shared credentials #885

wants to merge 1 commit into from
+7 −0

Conversation

dloehr
Copy link

@dloehr dloehr commented Apr 18, 2025

Overall Checklist

for shared-credentials.json

  • There's evidence the domains are currently related (SSL certificates, DNS entries, valid links between sites, legal documents etc.)
  • If using shared, the new group serves login pages on each of the included domains, and those login pages accept accounts from the others. (For example, we wouldn't use a shared association from google.co.il to google.com, because google.co.il redirects to accounts.google.com for sign in.)
  • If using from and to, the new group, the from domain(s) redirect to the to domain to log in.
zumperrentals.com

Clicking log in on zumperrentals.com takes the user to zumper.com to log in:

zumperrentals.mov
zumper.com and padmapper.com

Evidence that zumper.com and padmapper.com share the same credential backend includes:

  1. Attempting to create an account on padmapper.com using an email address that already has an account gives the error message, "A PadMapper/Zumper user with this email already exists"
    image
  2. Signing in on either site redirects through all 3 sites, so that the user will be signed into the same account on all of them:
    image

@rmondello
Copy link
Contributor

@dloehr This change looks sensible to me, but one of our checks failed. Can you take a look and see if you want to make a change? (Let me know if something doesn’t make sense.)

Run ruby .github/workflows/lint-scripts/websites-shared-credentials-duplicates.rb
The domain 'zumper.com' appears more than once!

@dloehr
Copy link
Author

dloehr commented Apr 18, 2025

Thanks @rmondello. I can think of 3 possibilities, do any of them seem acceptable/preferable to you?

  1. Combine the 2 rules I'm adding into just 
    {
    "shared": [
        "padmapper.com",
        "zumper.com",
        "zumperrentals.com"
    ]
},
    That seems slightly incorrect to me, since zumperrentals.com redirects to zumper.com for authentication, and users no longer enter their credentials on zumperrentals.com
  2. Remove the zumperrentals.com rule altogether. zumperrentals.com only had its own sign in form (which shared a backend with zumper.com and padmapper.com) for about 4 months, so I think it's relatively unimportant to mention it here
  3. Adjust the lint rule from, "A domain may only be mentioned once across to, from, and shared" to "A domain may be mentioned either (1) in from only once or (2) up to once in each of shared and to"

@dloehr dloehr force-pushed the add-zumper-padmapper branch from ff96cf3 to 64f6f4c Compare May 5, 2025 14:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rmondello rmondello rmondello approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dloehr @rmondello