Fixes #4677 warns admin if v3 and https both are enabled

admin/securedrop_admin/__init__.py

@@ -444,6 +444,19 @@ def update_config(self):
         self.save()
         self.validate_gpg_keys()
         self.validate_journalist_alert_email()
+        self.validate_https_and_v3()
+        return True
+
+    def validate_https_and_v3(self):
+        """
+        Checks if https is enabled with v3 onion service.
+
+        :returns: False if both v3 and https enabled, True otherwise.
+        """
+        if self.config.get("v3_onion_services", False) and \
+                self.config.get("securedrop_app_https_certificate_cert_src"):
+            print("Hello we need the message")
+            return False
         return True
 
     def check_for_v2_onion(self):

admin/tests/test_securedrop-admin.py

@@ -1041,3 +1041,22 @@ def test_find_or_generate_new_torv3_keys_subsequent_run(tmpdir, capsys):
         v3_onion_service_keys = json.load(f)
 
     assert v3_onion_service_keys == old_keys
+
+
+def test_v3_and_https_cert_message(tmpdir, capsys):
+    args = argparse.Namespace(site_config='UNKNOWN',
+                              ansible_path='tests/files',
+                              app_path=dirname(__file__))
+    site_config = securedrop_admin.SiteConfig(args)
+    site_config.config = {"v3_onion_services": False,
+                          "securedrop_app_https_certificate_cert_src": "ab.crt"}  # noqa: E501
+    # This should return True as v3 is not setup
+    assert site_config.validate_https_and_v3()
+
+    # This should return False as v3 and https are both setup
+    site_config.config.update({"v3_onion_services": True})
+    assert not site_config.validate_https_and_v3()
+
+    # This should return True as https is not setup
+    site_config.config.update({"securedrop_app_https_certificate_cert_src": ""})  # noqa: E501
+    assert site_config.validate_https_and_v3()