diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 954a18e877..abb1df4bcd 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -1,8 +1,10 @@
 <?php
 /**
+ * @copyright Copyright (c) 2017, Sandro Lutz <sandro.lutz@temparus.ch>
  * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com>
  * @copyright Copyright (c) 2016, ownCloud, Inc.
  *
+ * @author Sandro Lutz <sandro.lutz@temparus.ch>
  * @author Christoph Wurst <christoph@owncloud.com>
  * @author Joas Schilling <coding@schilljs.com>
  * @author Lukas Reschke <lukas@statuscode.ch>
@@ -44,6 +46,7 @@ use OCP\IURLGenerator;
 use OCP\IUser;
 use OCP\IUserManager;
 use OCP\IUserSession;
+use OC\Hooks\PublicEmitter;
 
 class LoginController extends Controller {
 	/** @var IUserManager */
@@ -214,6 +217,10 @@ class LoginController extends Controller {
 			return $this->generateRedirect($redirect_url);
 		}
 
+		if ($this->userManager instanceof PublicEmitter) {
+			$this->userManager->emit('\OC\User', 'preLogin', array($user, $password));
+		}
+
 		$originalUser = $user;
 		// TODO: Add all the insane error handling
 		/* @var $loginResult IUser */
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 705ca95210..c03cbd5891 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -1,7 +1,9 @@
 <?php
 /**
+ * @copyright Copyright (c) 2017, Sandro Lutz <sandro.lutz@temparus.ch>
  * @copyright Copyright (c) 2016, ownCloud, Inc.
  *
+ * @author Sandro Lutz <sandro.lutz@temparus.ch>
  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  * @author Bernhard Posselt <dev@bernhard-posselt.com>
  * @author Christoph Wurst <christoph@owncloud.com>
@@ -332,6 +334,10 @@ class Session implements IUserSession, Emitter {
 								OC\Security\Bruteforce\Throttler $throttler) {
 		$currentDelay = $throttler->sleepDelay($request->getRemoteAddress(), 'login');
 
+		if ($this->manager instanceof PublicEmitter) {
+			$this->manager->emit('\OC\User', 'preLogin', array($user, $password));
+		}
+
 		$isTokenPassword = $this->isTokenPassword($password);
 		if (!$isTokenPassword && $this->isTokenAuthEnforced()) {
 			throw new PasswordLoginForbiddenException();
@@ -476,7 +482,6 @@ class Session implements IUserSession, Emitter {
 	 * @throws LoginException if an app canceld the login process or the user is not enabled
 	 */
 	private function loginWithPassword($uid, $password) {
-		$this->manager->emit('\OC\User', 'preLogin', array($uid, $password));
 		$user = $this->manager->checkPassword($uid, $password);
 		if ($user === false) {
 			// Password check failed
@@ -527,8 +532,6 @@ class Session implements IUserSession, Emitter {
 			// Ignore and use empty string instead
 		}
 
-		$this->manager->emit('\OC\User', 'preLogin', array($uid, $password));
-
 		$user = $this->manager->get($uid);
 		if (is_null($user)) {
 			// user does not exist