Flood database backend ::isAllowed() should call ::ensureTableExists()

Created on 21 December 2023, about 1 year ago
Updated 26 February 2024, 10 months ago

Problem/Motivation

Found via 📌 Add database query spans to otel traces Needs review .

Drupal uses the flood system for user logins.

The database flood backend lazy-creates the database table (using the same pattern as cache tables) which is good.

However, it only does this on writes, not selects.

For cache this is fine because cache misses usually result in a cache write, however a successful login only ever queries the flood table, it never writes to it. This means the flood table stays un-created on new sites until someone gets their password wrong, meaning schema queries against the flood table to check if it's there or not. On logins with the standard profile, this happens once in Flood::isAllowed() and twice after a successful login.

At some point someone will get their password wrong, or the flood table will be used for something else, but until then it's extra database queries every user login.

Steps to reproduce

Proposed resolution

Create the flood database table in Flood::isAllowed() too.

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

Before:

After:

🐛 Bug report
Status

Fixed

Version

10.2

Component
Base 

Last updated 1 day ago

Created by

🇬🇧United Kingdom catch

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.71.5 2024