add option to configure enrollment token duration

crates/defguard_core/src/handlers/mod.rs

@@ -330,6 +330,7 @@ pub struct StartEnrollmentRequest {
     #[serde(default)]
     pub send_enrollment_notification: bool,
     pub email: Option<String>,
+    pub token_expiration_time: Option<String>,
 }
 
 #[derive(Deserialize, Serialize, ToSchema)]

crates/defguard_core/src/handlers/user.rs

@@ -5,6 +5,7 @@ use axum::{
     http::StatusCode,
 };
 use defguard_mail::{Mail, templates};
+use humantime::parse_duration;
 use serde_json::json;
 
 use super::{
@@ -428,13 +429,24 @@ pub async fn start_enrollment(
     debug!("Create a new database transaction to save a new enrollment token into the database.");
     let mut transaction = appstate.pool.begin().await?;
 
+    // try to parse token expiration time if provided
     let config = server_config();
+    let token_expiration_time_seconds = match data.token_expiration_time {
+        Some(time) => parse_duration(&time)
+            .map_err(|err| {
+                error!("Failed to parse token expiration time {time}: {err}");
+                WebError::BadRequest("Failed to parse token expiration time".to_owned())
+            })?
+            .as_secs(),
+        None => config.enrollment_token_timeout.as_secs(),
+    };
+
     let enrollment_token = user
         .start_enrollment(
             &mut transaction,
             &session.user,
             data.email,
-            config.enrollment_token_timeout.as_secs(),
+            token_expiration_time_seconds,
             config.enrollment_url.clone(),
             data.send_enrollment_notification,
             appstate.mail_tx.clone(),