Correctly handle array of routes for a method

Was previously failing as follows because an array
has no "callbacks" property.

oauth2-server/lib/oauth2server.js:217
  app.routes[method].callbacks.forEach(lockdownExpress3);
                                 ^
TypeError: Cannot call method 'forEach' of undefined
  at OAuth2Server.lockdown (oauth2-server/lib/oauth2server.js:217:36)

Author: towynlin

lib/oauth2server.js

@@ -213,7 +213,9 @@ OAuth2Server.prototype.lockdown = function (app) {
 
   if (app.routes) {
     for (var method in app.routes) {
-      app.routes[method].callbacks.forEach(lockdownExpress3);
+      app.routes[method].forEach(function (route) {
+        lockdownExpress3(route.callbacks);
+      });
     }
   } else {
     app._router.stack.forEach(lockdownExpress4);

test/lockdown.js

@@ -86,4 +86,34 @@ describe('Lockdown pattern', function() {
       .get('/public')
       .expect(200, /hello/i, done);
   });
+
+  describe('in express 3', function () {
+    var app, privateAction, publicAction;
+
+    beforeEach(function () {
+      privateAction = function () {};
+      publicAction = function () {};
+
+      // mock express 3 app
+      app = {
+        routes: {
+          get: [
+            { callbacks: [ privateAction ] }
+          ]
+        }
+      };
+
+      app.oauth = oauth2server({ model: {} });
+      app.routes.get.push({ callbacks: [ app.oauth.bypass, publicAction ] })
+      app.oauth.lockdown(app);
+    });
+
+    it('adds authorise to non-bypassed routes', function () {
+      app.routes.get[0].callbacks[1].should.equal(privateAction);
+    });
+
+    it('removes oauth.bypass from bypassed routes', function () {
+      app.routes.get[1].callbacks[0].should.equal(publicAction);
+    });
+  });
 });