Add latest changes from gitlab-org/gitlab@master

2 files changed, 31 insertions, 6 deletions

diff --git a/doc/security/README.md b/doc/security/README.md
index bbc7db54b14..f8b9e423c04 100644
--- a/doc/security/README.md
+++ b/doc/security/README.md
@@ -12,7 +12,7 @@ type: index
 - [Rate limits](rate_limits.md)
 - [Webhooks and insecure internal web services](webhooks.md)
 - [Information exclusivity](information_exclusivity.md)
-- [Reset your root password](reset_root_password.md)
+- [Reset user password](reset_user_password.md)
 - [Unlock a locked user](unlock_user.md)
 - [User File Uploads](user_file_uploads.md)
 - [How we manage the CRIME vulnerability](crime_vulnerability.md)
diff --git a/doc/security/reset_root_password.md b/doc/security/reset_user_password.md
index cd2144698f6..bc8de882afe 100644
--- a/doc/security/reset_root_password.md
+++ b/doc/security/reset_user_password.md
@@ -2,9 +2,9 @@
 type: howto
 ---
 
-# How to reset your root password
+# How to reset user password
 
-To reset your root password, first log into your server with root privileges.
+To reset the password of a user, first log into your server with root privileges.
 
 Start a Ruby on Rails console with this command:
 
@@ -14,18 +14,22 @@ gitlab-rails console -e production
 
 Wait until the console has loaded.
 
-There are multiple ways to find your user. You can search for email or username.
+## Find the user
+
+There are multiple ways to find your user. You can search by email or user ID number.
 
 ```shell
-user = User.where(id: 1).first
+user = User.where(id: 7).first
 ```
 
 or
 
 ```shell
-user = User.find_by(email: 'admin@example.com')
+user = User.find_by(email: 'user@example.com')
 ```
 
+## Reset the password
+
 Now you can change your password:
 
 ```shell
@@ -35,6 +39,14 @@ user.password_confirmation = 'secret_pass'
 
 It's important that you change both password and password_confirmation to make it work.
 
+When using this method instead of the [Users API](../api/users.md#user-modification), GitLab sends an email to the user stating that the user changed their password.
+
+If the password was changed by an administrator, execute the following command to notify the user by email:
+
+```shell
+user.send_only_admin_changed_your_password_notification!
+```
+
 Don't forget to save the changes.
 
 ```shell
@@ -43,6 +55,19 @@ user.save!
 
 Exit the console and try to login with your new password.
 
+NOTE: **Note:**
+Passwords can also be reset via the [Users API](../api/users.md#user-modification)
+
+### Reset your root password
+
+The steps described above can also be used to reset the root password. But first, identify the root user, with an `id` of `1`. To do so, run the following command:
+
+```shell
+user = User.where(id: 1).first
+```
+
+After finding the user, follow the steps mentioned in the [Reset the password](#reset-the-password) section to reset the password of the root user.
+
 <!-- ## Troubleshooting
 
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues