use csrf only

src/server/middlewares/formValid.js

@@ -12,8 +12,7 @@ const formValid = (crowi) => {
 
     const errs = errObjArray.array().map((err) => {
       logger.error(`${err.param} in ${err.location}: ${err.msg}`);
-      const errrr = new ErrorV3(`${err.param}: ${err.msg}`, 'validation_failed');
-      return errrr;
+      return new ErrorV3(`${err.param}: ${err.msg}`, 'validation_failed');
     });
 
     return res.apiv3Err(errs);

src/server/routes/apiv3/user-group-relation.js

@@ -7,7 +7,6 @@ const express = require('express');
 const router = express.Router();
 
 const {
-  accessTokenParser,
   loginRequired,
   adminRequired,
 } = require('../../util/middlewares');
@@ -16,8 +15,6 @@ const {
 module.exports = (crowi) => {
   const { ErrorV3, UserGroup, UserGroupRelation } = crowi.models;
 
-  router.use('/', accessTokenParser(crowi));
-
   router.get('/', loginRequired(crowi), adminRequired(), async(req, res) => {
     // TODO: filter with querystring? or body
     try {

src/server/routes/apiv3/user-group.js

@@ -9,7 +9,6 @@ const router = express.Router();
 const { body, param, query } = require('express-validator/check');
 
 const {
-  accessTokenParser,
   csrfVerify,
   loginRequired,
   adminRequired,
@@ -21,8 +20,6 @@ module.exports = (crowi) => {
   const { ErrorV3, UserGroup, UserGroupRelation } = crowi.models;
   const { formValid } = require('../../middlewares');
 
-  router.use('/', accessTokenParser(crowi));
-
   router.get('/', loginRequired(crowi), adminRequired(), async(req, res) => {
     // TODO: filter with querystring
     try {