Prep 8.0.0 release

CHANGELOG.md

@@ -1,3 +1,19 @@
+## 8.0.0 (2023-03-02)
+New:
+- The `RequestValidationHelper` for `Twilio.AspNet.Core` now has async an async version to validate HTTP requests: `IsValidRequestAsync`.
+
+Enhancements:
+- `Twilio.AspNet.Core` automatically updates configuration for Twilio request validation and Twilio clients when the underlying configuration sources are updated without requiring an application restart.
+- `Twilio.AspNet.Core` validates the configuration when invoking `AddTwilioClient` and `AddTwilioRequestValidation`.
+- `AddTwilioClient` and `AddTwilioRequestValidation` have more overloads to configure these features as desired.
+- The request validation filters and middleware now load the form asynchronously.
+- Updated `Twilio` dependency to 6.2.4.
+
+Breaking changes:
+- The `AllowLocal` setting for request validation filters and middleware, now defaults to `false` instead of `true`.  ⚠️ Only use this during development, as this will make your application vulnerable to Server-Side Request Forgery.
+- The overloads for `AddTwilioClient` where you could provide a lambda to provide an `HttpClient` have been removed. To customize the `HttpClient`, override the HTTP client factory with name "Twilio", after invoking `AddTwilio`. See [README.md](./README.md#customize-the-http-client). 
+- The `Twilio.AspNet.Core` library dropped support for .NET versions prior to .NET 6, as these versions no longer supported by Microsoft.
+
 ## 7.0.0 (2022-11-18)
 New:
 - The new `ValidateTwilioRequest` extension method and `ValidateTwilioRequestFilter` adds Twilio request validation to your endpoints and Minimal APIs, only for ASP.NET Core 7.

README.md

@@ -10,7 +10,7 @@ This library helps you respond to webhooks, adds the Twilio client to the depend
 [![NuGet Badge](https://buildstats.info/nuget/Twilio.AspNet.Core)](https://www.nuget.org/packages/Twilio.AspNet.Core/) 
 ### Requirements
 
-Requires .NET (Core) 2.0 or later.
+Requires .NET 6.0 or later.
 
 ### Installation
 Run the following command to install the package using the .NET CLI:
@@ -253,16 +253,23 @@ builder.Services
 > We recommend using the [Secrets Manager](https://docs.microsoft.com/en-us/aspnet/core/security/app-secrets) for local development.
 > Alternatively, you can use environment variables, a vault service, or other more secure techniques.
 
-#### Use your own HTTP client
+#### Customize the HTTP client
 
-By default when you call `.AddTwilioClient`, an HTTP client factory is configured that is used to provide an `HttpClient` to the Twilio REST client. If you'd like to provide your own HTTP client, you can do so by providing a callback like this:
+By default when you call `.AddTwilioClient`, an HTTP client factory is configured that is used to provide an `HttpClient` to the Twilio REST client. 
+If you'd like to customize this HTTP client, you can do so by overriding the "Twilio" HTTP client factory, after invoking `.AddTwilioClient`:
 
 ```csharp
-using Twilio.AspNet.Core;
-
-var builder = WebApplication.CreateBuilder(args);
-
-builder.Services.AddTwilioClient(provider => new HttpClient())
+builder.Services.AddTwilioClient();
+builder.Services.AddHttpClient("Twilio")
+    .ConfigureHttpClient(client =>
+    {
+        client.BaseAddress = new Uri("YOUR_PROXY_ADDRESS");
+    })
+    .ConfigurePrimaryHttpMessageHandler(() => new HttpClientHandler
+    {
+        // same options as the Twilio C# SDK
+        AllowAutoRedirect = false
+    });
 ```
 
 ### Validate Twilio HTTP requests
@@ -305,6 +312,30 @@ A couple of notes about the configuration:
 - `AllowLocal` will skip validation when the HTTP request originated from localhost. ⚠️ Only use this during development, as this will make your application vulnerable to Server-Side Request Forgery.
 - Use `BaseUrlOverride` in case your app is behind a reverse proxy or a tunnel like ngrok. The path of the current request will be appended to the `BaseUrlOverride` for request validation.
 
+> **Info**
+> Instead of configuring the `BaseUrlOverride`, you can use the forwarded headers middleware to set the correct scheme, port, host, etc. on the current HTTP request.
+
+```csharp
+using Microsoft.AspNetCore.HttpOverrides;
+using Twilio.AspNet.Core;
+
+var builder = WebApplication.CreateBuilder(args);
+
+builder.Services.AddTwilioRequestValidation();
+builder.Services.Configure<ForwardedHeadersOptions>(options => options.ForwardedHeaders = ForwardedHeaders.All);
+// more service configuration
+
+var app = builder.Build();
+
+app.UseForwardedHeaders();
+
+// more request pipeline configuration
+
+app.Run();
+```
+
+As a result, you don't have to configure `BaseUrlOverride` whenever you restart ngrok, or change reverse proxy URLs. Follow [Microsoft's guidance to configure the forwarded header middleware](https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer#forwarded-headers-middleware-options) securely.
+
 You can also manually configure the request validation:
 
 ```csharp

src/Twilio.AspNet.Core.UnitTests/Twilio.AspNet.Core.UnitTests.csproj

@@ -5,15 +5,15 @@
     <Nullable>disable</Nullable>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="7.0.2" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.11.0" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="7.0.3" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.5.0" />
     <PackageReference Include="Moq" Version="4.16.1" />
     <PackageReference Include="xunit" Version="2.4.1" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.4.3">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
-    <PackageReference Include="coverlet.collector" Version="3.1.0">
+    <PackageReference Include="coverlet.collector" Version="3.2.0">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>

src/Twilio.AspNet.Core/Twilio.AspNet.Core.csproj

@@ -27,12 +27,12 @@
     <ContinuousIntegrationBuild>true</ContinuousIntegrationBuild>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Twilio" Version="6.2.2" />
+    <PackageReference Include="Twilio" Version="6.2.4" />
     <PackageReference Include="Twilio.AspNet.Common" Version="0.0.0-alpha" />
 
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
     <PackageReference Include="Microsoft.Extensions.Http" Version="7.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="7.0.2" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="7.0.3" />
 
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.1.1">
       <PrivateAssets>all</PrivateAssets>

src/Twilio.AspNet.Mvc.UnitTests/Twilio.AspNet.Mvc.UnitTests.csproj

@@ -26,7 +26,7 @@
     <ItemGroup>
         <PackageReference Include="Castle.Core" Version="5.1.1" />
         <PackageReference Include="Moq" Version="4.18.4" />
-        <PackageReference Include="Twilio" Version="6.2.2" />
+        <PackageReference Include="Twilio" Version="6.2.4" />
         <PackageReference Include="xunit" Version="2.4.2" />
         <PackageReference Include="xunit.abstractions" Version="2.0.3" />
         <PackageReference Include="xunit.analyzers" Version="1.1.0" />

src/Twilio.AspNet.Mvc/Twilio.AspNet.Mvc.csproj

@@ -27,36 +27,36 @@
         <ContinuousIntegrationBuild>true</ContinuousIntegrationBuild>
     </PropertyGroup>
     <ItemGroup>
-        <Reference Include="System"/>
-        <Reference Include="System.ComponentModel.Composition"/>
+        <Reference Include="System" />
+        <Reference Include="System.ComponentModel.Composition" />
         <Reference Include="System.Configuration">
             <HintPath>..\..\..\..\..\..\..\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.7.1\System.Configuration.dll</HintPath>
         </Reference>
-        <Reference Include="System.Core"/>
-        <Reference Include="System.IO.Compression"/>
-        <Reference Include="System.Net"/>
-        <Reference Include="System.Numerics"/>
-        <Reference Include="System.Web"/>
-        <Reference Include="System.Xml.Linq"/>
-        <Reference Include="System.Data.DataSetExtensions"/>
-        <Reference Include="Microsoft.CSharp"/>
-        <Reference Include="System.Data"/>
-        <Reference Include="System.Net.Http"/>
-        <Reference Include="System.Xml"/>
+        <Reference Include="System.Core" />
+        <Reference Include="System.IO.Compression" />
+        <Reference Include="System.Net" />
+        <Reference Include="System.Numerics" />
+        <Reference Include="System.Web" />
+        <Reference Include="System.Xml.Linq" />
+        <Reference Include="System.Data.DataSetExtensions" />
+        <Reference Include="Microsoft.CSharp" />
+        <Reference Include="System.Data" />
+        <Reference Include="System.Net.Http" />
+        <Reference Include="System.Xml" />
     </ItemGroup>
     <ItemGroup>
-        <None Include="..\..\icon.png" Pack="true" PackagePath="\"/>
-        <None Include="..\..\README.md" Pack="true" PackagePath="\"/>
+        <None Include="..\..\icon.png" Pack="true" PackagePath="\" />
+        <None Include="..\..\README.md" Pack="true" PackagePath="\" />
     </ItemGroup>
     <ItemGroup>
-        <PackageReference Include="Twilio" Version="6.2.2"/>
-        <PackageReference Include="Twilio.AspNet.Common" Version="0.0.0-alpha"/>
+        <PackageReference Include="Twilio" Version="6.2.4" />
+        <PackageReference Include="Twilio.AspNet.Common" Version="0.0.0-alpha" />
         <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.1.1">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
-        <PackageReference Include="Microsoft.AspNet.Mvc" Version="5.2.9"/>
-        <PackageReference Include="NuGet.Build.Tasks.Pack" Version="6.4.0">
+        <PackageReference Include="Microsoft.AspNet.Mvc" Version="5.2.9" />
+        <PackageReference Include="NuGet.Build.Tasks.Pack" Version="6.5.0">
             <PrivateAssets>all</PrivateAssets>
         </PackageReference>
     </ItemGroup>

src/testapps/AspNetCore/AspNetCore.csproj

@@ -12,7 +12,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.2.3" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
   </ItemGroup>
-
+  
 </Project>

src/testapps/AspNetCore/Program.cs

@@ -11,35 +11,22 @@
 
 builder.Services.Configure<ForwardedHeadersOptions>(options => options.ForwardedHeaders = ForwardedHeaders.All);
 
-// Add services to the container.
-builder.Services.AddControllersWithViews();
+builder.Services.AddControllers();
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen();
 
 var app = builder.Build();
 
-// Configure the HTTP request pipeline.
 app.UseForwardedHeaders();
 
-if (!app.Environment.IsDevelopment())
-{
-    app.UseExceptionHandler("/Home/Error");
-    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
-    app.UseHsts();
-}
-else
-{
-    app.UseSwagger();
-    app.UseSwaggerUI();
-}
+app.UseSwagger();
+app.UseSwaggerUI();
 
 app.UseHttpsRedirection();
 app.UseStaticFiles();
 
 app.UseRouting();
 
-app.UseAuthorization();
-
 app.MapControllerRoute(
     name: "default",
     pattern: "{controller=Home}/{action=Index}/{id?}");