Only clear flood attempts when necessary during user login

This is stacked on 🐛 Flood database backend ::isAllowed() should call ::ensureTableExists() Fixed due to the performance test changes, but the runtime code changes are independent.

Adding screenshots from local performance test traces showing the DELETE query disappears.

Makes sense. LGTM.

Also makes sense to me, can't really see this making a difference in the real world but if it can make tests slightly faster then all the better.

Committed and pushed 8e5acc674b to 11.x and 595dce06b7 to 10.2.x. Thanks!

Found some more queries to get rid of :) 📌 Optimize user logins by avoiding duplicate entity queries Needs work .

Just one database query is usually a millisecond or so, but the more we get rid of, the easier it is to see any other extraneous queries on top. I think I'm up to 3-4 now including two entity queries, which could end up 10ms or so off logins.

Looks good, but one typo nit in the docs:

bu -> but

(https://git.drupalcode.org/project/drupal/-/commit/8e5acc674b6394a83249f...)

Automatically closed - issue fixed for 2 weeks with no activity.

Checking isAllowed() with threshold = 1 causes the logs to fill up with Flood control blocked login attempt for uid %uid from %ip messages for all users who try to log in from the second (or more, below threshold) attempt. This is because UserFloodSubscriber::blockedUser() is called on every FALSE result of isAllowed() calls. Should this be addressed in another issue?