Add instructions to unlock an account

Originally submitted at
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/6578.
Signed-off-by: Rémy Coutable <remy@rymai.me>

doc/security/README.md

@@ -10,6 +10,7 @@ comments: false
 - [Webhooks and insecure internal web services](webhooks.md)
 - [Information exclusivity](information_exclusivity.md)
 - [Reset your root password](reset_root_password.md)
+- [Unlock a locked user](unlock_user.md)
 - [User File Uploads](user_file_uploads.md)
 - [How we manage the CRIME vulnerability](crime_vulnerability.md)
 - [Enforce Two-factor authentication](two_factor_authentication.md)

doc/security/reset_root_password.md

@@ -37,4 +37,4 @@ Don't forget to save the changes.
 user.save!
 ```
 
-Exit the console and try to login with your new password.
\ No newline at end of file
+Exit the console and try to login with your new password.

doc/security/unlock_user.md

+# How to unlock a locked user
+
+Log into your server with root privileges. Then start a Ruby on Rails console.
+
+Start the console with this command:
+
+```bash
+gitlab-rails console production
+```
+
+Wait until the console has loaded.
+
+There are multiple ways to find your user. You can search for email or username.
+
+```bash
+user = User.where(id: 1).first
+```
+
+or
+
+```bash
+user = User.find_by(email: 'admin@local.host')
+```
+
+Unlock the user:
+
+```bash
+user.unlock_access!
+```
+
+Exit the console, the user should now be able to log in again.