Disable options for other peoples clients.

app/Support/Twig/General.php

@@ -49,6 +49,7 @@ class General extends AbstractExtension
             $this->mimeIcon(),
             $this->markdown(),
             $this->floatval(),
+            $this->phpHostName(),
         ];
     }
 
@@ -91,6 +92,24 @@ class General extends AbstractExtension
         );
     }
 
+    /**
+     * Show URL host name
+     *
+     * @return TwigFilter
+     */
+    protected function phpHostName(): TwigFilter
+    {
+        return new TwigFilter(
+            'phphost',
+            static function (string $string): string {
+                $proto = (string)parse_url($string, PHP_URL_SCHEME);
+                $host  = (string)parse_url($string, PHP_URL_HOST);
+
+                return e(sprintf('%s://%s', $proto, $host));
+            }
+        );
+    }
+
     /**
      * Used to convert 1024 to 1kb etc.
      *

resources/lang/en_US/firefly.php

@@ -232,7 +232,9 @@ return [
 
     // API access
     'authorization_request'                               => 'Firefly III v:version Authorization Request',
-    'authorization_request_intro'                         => '<strong>:client</strong> is requesting permission to access your financial administration. Would you like to authorize <strong>:client</strong> to access these records?',
+    'authorization_request_intro'                         => 'Application "<strong>:client</strong>" is requesting permission to access your financial administration. Would you like to authorize <strong>:client</strong> to access these records?',
+    'authorization_request_site'                          => 'You will be redirected to <code>:url</code> which will then be able to access your Firefly III data.',
+    'authorization_request_invalid'                       => 'This access request is invalid. Please never follow this link again.',
     'scopes_will_be_able'                                 => 'This application will be able to:',
     'button_authorize'                                    => 'Authorize',
     'none_in_select_list'                                 => '(none)',

resources/views/vendor/passport/authorize.twig

@@ -56,10 +56,21 @@
                         {{ trans('firefly.authorization_request', {version: config('firefly.version')}) }}
                     </div>
                     <div class="panel-body">
-                        <!-- Introduction -->
+                        {% if client.user.id == user.id %}
                         <p>
                             {{ trans('firefly.authorization_request_intro', {client: client.name|escape})|raw }}
                         </p>
+                        <p>
+                            {{ trans('firefly.authorization_request_site', {url: client.redirect|phphost})|raw }}
+                        </p>
+                        {% endif %}
+
+                        {% if client.user.id != user.id %}
+                        <p class="text-danger">
+                            {{ 'authorization_request_invalid'|_ }}
+
+                        </p>
+                        {% endif %}
                         <!-- Scope List -->
                         {% if scopes|length > 0 %}
                             <div class="scopes">
@@ -75,6 +86,7 @@
 
                         <div class="buttons">
                             <!-- Authorize Button -->
+                            {% if client.user.id == user.id %}
                             <form method="post" action="{{ route('index') }}/oauth/authorize">
                                 {{ csrf_field() }}
 
@@ -82,6 +94,7 @@
                                 <input type="hidden" name="client_id" value="{{ client.id }}">
                                 <button type="submit" class="btn btn-success btn-approve">{{ 'button_authorize'|_ }}</button>
                             </form>
+                            {% endif %}
 
                             <!-- Cancel Button -->
                             <form method="post" action="{{ route('index') }}/oauth/authorize">