DOC Create new users with random passwords

silverstripe · Oct 16, 2023 · 1ab8624 · 1ab8624
1 parent a8c656f
commit 1ab8624
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/en/04_Changelogs/5.2.0.md b/en/04_Changelogs/5.2.0.md
@@ -9,6 +9,7 @@ title: 5.2.0 (unreleased)
 - [Features and enhancements](#features-and-enhancements)
   - [New ORM features](#new-orm-features)
   - [ErrorPage allowed codes configuration](#errorpage-allowed-codes-configuration)
+  - [Create random passwords for new users](#create-random-passwords-for-new-users)
   - [Other new features](#other-new-features)
 - [API changes](#api-changes)
 - [Bug fixes](#bug-fixes)
@@ -87,7 +88,13 @@ SilverStripe\ErrorPage\ErrorPage:
     - 500
 ```
 
-### Other new features
+### Create random passwords for new users
+
+If a new user is created in the security section of the CMS with an empty password, then a strong random password will now be automatically assigned to the user which will not be visible to the person creating the user. The user will need to click the "I've forgotten my password" link in order to receive a password reset email so they can then enter their own password.
+
+This is a behavioural change from the change introduced in Silverstripe CMS 5.1 where blank passwords were disallowed when creating a new user. Prior to that, blank passwords were allowed though users were unable to log in using them when the default Silverstripe member authenticator was used.
+
+This only applies to users created through the security section of the CMS. Users created programatically with an empty password will not have a random password automatically assigned to them. This is the current behaviour and is often used for non-production purposes such as unit-testing.
 
 ## API changes