gchq · JR40159 · Apr 9, 2025 · Apr 2, 2025 · Apr 3, 2025 · Apr 3, 2025
diff --git a/backend/package-lock.json b/backend/package-lock.json
diff --git a/backend/package.json b/backend/package.json
@@ -53,7 +53,7 @@
     "lodash-es": "^4.17.21",
     "mjml": "5.0.0-alpha.6",
     "mongodb": "^6.15.0",
-    "mongoose": "7.8.6",
+    "mongoose": "8.13.1",
     "mongoose-delete": "^1.0.2",
     "morgan": "^1.10.0",
     "nanoid": "^5.1.5",

diff --git a/backend/src/connectors/authorisation/base.ts b/backend/src/connectors/authorisation/base.ts
@@ -1,7 +1,7 @@
 import { AccessRequestDoc } from '../../models/AccessRequest.js'
 import { FileInterface } from '../../models/File.js'
 import { EntryVisibility, ModelDoc } from '../../models/Model.js'
-import { ReleaseDoc } from '../../models/Release.js'
+import { ReleaseDoc, ReleaseInterface } from '../../models/Release.js'
 import { ResponseDoc } from '../../models/Response.js'
 import { SchemaDoc } from '../../models/Schema.js'
 import { UserInterface } from '../../models/User.js'
@@ -178,7 +178,7 @@ export class BasicAuthorisationConnector {
   async releases(
     user: UserInterface,
     model: ModelDoc,
-    releases: Array<ReleaseDoc>,
+    releases: Array<ReleaseDoc | ReleaseInterface>,
     action: ReleaseActionKeys,
   ): Promise<Array<Response>> {
     // We don't have any specific roles dedicated to releases, so we pass it through to the model authorisation checker.

diff --git a/backend/src/models/Token.ts b/backend/src/models/Token.ts
@@ -1,6 +1,6 @@
 import bcrypt from 'bcryptjs'
 import { createHash } from 'crypto'
-import { model, Schema } from 'mongoose'
+import { model, ObjectId, Schema } from 'mongoose'
 import MongooseDelete, { SoftDeleteDocument } from 'mongoose-delete'
 
 import { BadReq } from '../utils/error.js'
@@ -53,6 +53,8 @@ export type HashTypeKeys = (typeof HashType)[keyof typeof HashType]
 // It should be used for plain object representations, e.g. for sending to the
 // client.
 export interface TokenInterface {
+  _id: ObjectId
+
   user: string
   description: string
 

diff --git a/backend/src/services/token.ts b/backend/src/services/token.ts
@@ -127,22 +127,22 @@ export async function validateTokenForUse(token: TokenDoc | undefined, action: T
 
   if (token.scope === TokenScope.Models) {
     return {
-      id: token._id,
+      id: token._id.toString(),
       success: false,
       info: 'This token must not have model restrictions for this endpoint',
     }
   }
 
   if (token.actions && !token.actions.includes(action)) {
     return {
-      id: token._id,
+      id: token._id.toString(),
       success: false,
       info: 'This token may not be used for this action',
     }
   }
 
   return {
-    id: token._id,
+    id: token._id.toString(),
     success: true,
   }
 }