Merge #2866

2866: Improve tokens (add ipranges) r=nextgens a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Allow multiple IP addresses/networks to be set for tokens.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>

core/admin/mailu/internal/nginx.py

@@ -40,10 +40,13 @@ def check_credentials(user, password, ip, protocol=None, auth_port=None, source_
             return True
     if utils.is_app_token(password):
         for token in user.tokens:
-            if (token.check_password(password) and
-                (not token.ip or token.ip == ip)):
+            if token.check_password(password):
+                if not token.ip or utils.is_ip_in_subnet(ip, token.ip):
                     app.logger.info(f'Login attempt for: {user}/{protocol}/{auth_port} from: {ip}/{source_port}: success: token-{token.id}: {token.comment or ""!r}')
                     return True
+                else:
+                    app.logger.info(f'Login attempt for: {user}/{protocol}/{auth_port} from: {ip}/{source_port}: failed: badip: token-{token.id}: {token.comment or ""!r}')
+                    return False # we can return directly here since the token is valid
     if user.check_password(password):
         app.logger.info(f'Login attempt for: {user}/{protocol}/{auth_port} from: {ip}/{source_port}: success: password')
         return True