2 files changed, 4 insertions, 3 deletions

diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index b6add48ef61..981e781472f 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -215,6 +215,8 @@ class LoginController extends Controller {
 			return $this->generateRedirect($redirect_url);
 		}
 
+		$this->userManager->emit('\OC\User', 'preLogin', array($user, $password));
+
 		$originalUser = $user;
 		// TODO: Add all the insane error handling
 		/* @var $loginResult IUser */
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index dcda825b9db..7f7c8182baa 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -319,6 +319,8 @@ class Session implements IUserSession, Emitter {
 								OC\Security\Bruteforce\Throttler $throttler) {
 		$currentDelay = $throttler->sleepDelay($request->getRemoteAddress());
 
+		$this->manager->emit('\OC\User', 'preLogin', array($user, $password));
+
 		$isTokenPassword = $this->isTokenPassword($password);
 		if (!$isTokenPassword && $this->isTokenAuthEnforced()) {
 			throw new PasswordLoginForbiddenException();
@@ -463,7 +465,6 @@ class Session implements IUserSession, Emitter {
 	 * @throws LoginException if an app canceld the login process or the user is not enabled
 	 */
 	private function loginWithPassword($uid, $password) {
-		$this->manager->emit('\OC\User', 'preLogin', array($uid, $password));
 		$user = $this->manager->checkPassword($uid, $password);
 		if ($user === false) {
 			// Password check failed
@@ -513,8 +514,6 @@ class Session implements IUserSession, Emitter {
 			// Ignore and use empty string instead
 		}
 
-		$this->manager->emit('\OC\User', 'preLogin', array($uid, $password));
-
 		$user = $this->manager->get($uid);
 		if (is_null($user)) {
 			// user does not exist