doveauth: allow more than one invite token

chatmaild/src/chatmaild/doveauth.py

@@ -28,13 +28,17 @@ def is_allowed_to_create(config: Config, user, cleartext_password) -> bool:
             f"blocked account creation because {NOCREATE_FILE!r} exists."
         )
         return False
-    if cleartext_password.startswith(config.invite_token):
-        password_length = len(cleartext_password) - len(config.invite_token)
-    else:
-        logging.warning(
-            f"blocked account creation because password didn't contain invite token(s)."
-        )
-        return False
+    password_length = len(cleartext_password)
+    if config.invite_token:
+        for inv_token in config.invite_token.split():
+            if cleartext_password.startswith(inv_token):
+                password_length = len(cleartext_password) - len(inv_token)
+                break
+        else:
+            logging.warning(
+                f"blocked account creation because password didn't contain invite token(s)."
+            )
+            return False
 
     if password_length < config.password_min_length:
         logging.warning(

chatmaild/src/chatmaild/tests/test_doveauth.py

@@ -71,6 +71,9 @@ def test_dont_overwrite_password_on_wrong_login(dictproxy):
         (False, False, "asdf", "z9873240187420913798"),
         (False, True, "", "dsaiujfw9fjiwf9w"),
         (False, False, "asdf", "z987324018742asdf0913798"),
+        (False, True, "as df", "asj0wiefkj0ofkeefok"),
+        (False, True, "as df", "dfj0wiefkj0ofkeefok"),
+        (False, False, "as df", "j0wiefkj0ofas dfkeefok"),
         (True, False, "asdf", "asdfmosadkdkfwdofkw"),
         (True, False, "asdf", "z9873240187420913798"),
         (True, False, "", "dsaiujfw9fjiwf9w"),