Add pre_login hook similar to post_authorize hook

I think this is a great feature. Patch applies cleanly and works as advertised.

A couple of comments:

- Do you think $account should also be passed in as an argument? Whether the account exists may be useful info in some circumstances. (Although I can't think of any off the top of my head.)

- In the API example, can we use a value we know will exist, like $userinfo['email']? I was a little confused by what $userinfo['hd'] was supposed to be.

Thanks a lot for this!

Patch applies. I further tested it by implementing a hook with the example code and it all checks out.

Great work. I would love to see this committed!

@illeace I came across an issue unrelated to your patch while testing: #2590875: Missing $userinfo check results in account being created with no user information. A side effect of this problem when your patch is applied is that $userinfo['email'] is empty in your watchdog message:

Login denied for via pre-login hook.

 
If you have time to pop over there and test the other patch it would be much appreciated.

I did a review and tested the patch, it's especially helpful if you'd like to perform an additional validation before login, for instance against the organization inside GitHub for the user trying to login. The patch worked without any issues, however comment https://www.drupal.org/node/2559543#comment-10446399 is still valid, but it's outside of the scope here.

Also tested this with a custom module implementing the hook to check the email domain. Works well. My testing did not trigger the issues reported with empty $userinfo['email'] - the watchdog messages contained the user email. Would be great to get this committed.

Thanks!

For consistency with the D8 version, the hook is now called hook_openid_connect_pre_authorize. Those using this patch will need to rename their existing hook functions. That was the only change I did.