grails · alvarosanchez · Aug 30, 2019 · Jun 4, 2018
diff --git a/...-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy b/...-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy
@@ -17,6 +17,7 @@
 package grails.plugin.springsecurity.rest
 
 import grails.plugin.springsecurity.annotation.Secured
+import grails.plugin.springsecurity.rest.authentication.RestAuthenticationEventPublisher
 import grails.plugin.springsecurity.rest.error.CallbackErrorHandler
 import grails.plugin.springsecurity.rest.token.AccessToken
 import grails.plugin.springsecurity.rest.token.rendering.AccessTokenJsonRenderer
@@ -48,7 +49,7 @@ class RestOauthController {
     TokenStorageService tokenStorageService
     def tokenGenerator
     AccessTokenJsonRenderer accessTokenJsonRenderer
-
+    RestAuthenticationEventPublisher authenticationEventPublisher
     /**
      * Starts the OAuth authentication flow, redirecting to the provider's Login URL. An optional callback parameter
      * allows the frontend application to define the frontend callback URL on demand.
@@ -135,6 +136,8 @@ class RestOauthController {
                 AccessToken accessToken = tokenGenerator.generateAccessToken(principal, false)
                 accessToken.refreshToken = refreshToken
 
+                authenticationEventPublisher.publishTokenCreation(accessToken)
+
                 response.addHeader 'Cache-Control', 'no-store'
                 response.addHeader 'Pragma', 'no-cache'
                 render contentType: 'application/json', encoding: 'UTF-8',  text:  accessTokenJsonRenderer.generateJson(accessToken)

diff --git a/...ity-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestOauthControllerSpec.groovy b/...ity-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestOauthControllerSpec.groovy
@@ -16,9 +16,15 @@
  */
 package grails.plugin.springsecurity.rest
 
+import grails.plugin.springsecurity.rest.authentication.RestAuthenticationEventPublisher
 import grails.plugin.springsecurity.rest.error.DefaultCallbackErrorHandler
+import grails.plugin.springsecurity.rest.token.AccessToken
+import grails.plugin.springsecurity.rest.token.generation.TokenGenerator
+import grails.plugin.springsecurity.rest.token.storage.TokenStorageService
 import grails.testing.web.controllers.ControllerUnitTest
 import groovy.transform.InheritConstructors
+import org.springframework.security.core.userdetails.User
+import org.springframework.security.core.userdetails.UserDetails
 import org.springframework.security.core.userdetails.UsernameNotFoundException
 import spock.lang.Issue
 import spock.lang.Specification
@@ -117,6 +123,27 @@ class RestOauthControllerSpec extends Specification implements ControllerUnitTes
         String expectedUrl = getExpectedUrl(caughtException, INTERNAL_SERVER_ERROR.value())
         response.redirectedUrl == expectedUrl
     }
+
+    void "it publishes RestTokenCreationEvent's"() {
+        given:
+        TokenStorageService stubbedTokenStorageService = Stub(TokenStorageService)
+        stubbedTokenStorageService.loadUserByToken(_) >> new User('foo', '', [])
+        controller.tokenStorageService = stubbedTokenStorageService
+
+        def stubbedTokenGenerator = [ generateAccessToken: { u,b -> new AccessToken('accessToken') }]
+        controller.tokenGenerator = stubbedTokenGenerator
+
+        controller.authenticationEventPublisher = Mock(RestAuthenticationEventPublisher)
+
+        when:
+        params.grant_type = 'refresh_token'
+        params.refresh_token = 'refresh_token'
+        request.method = 'POST'
+        controller.accessToken()
+
+        then:
+        1 * controller.authenticationEventPublisher.publishTokenCreation(_)
+    }
 }
 
 @InheritConstructors