diff --git a/admin/securedrop_admin/__init__.py b/admin/securedrop_admin/__init__.py index 4a50a106eb8..4107c44c1ff 100755 --- a/admin/securedrop_admin/__init__.py +++ b/admin/securedrop_admin/__init__.py @@ -444,6 +444,19 @@ def update_config(self): self.save() self.validate_gpg_keys() self.validate_journalist_alert_email() + self.validate_https_and_v3() + return True + + def validate_https_and_v3(self): + """ + Checks if https is enabled with v3 onion service. + + :returns: False if both v3 and https enabled, True otherwise. + """ + if self.config.get("v3_onion_services", False) and \ + self.config.get("securedrop_app_https_certificate_cert_src"): + print("Hello we need the message") + return False return True def check_for_v2_onion(self): diff --git a/admin/tests/test_securedrop-admin.py b/admin/tests/test_securedrop-admin.py index f127bdc54e3..e654e55dc0b 100644 --- a/admin/tests/test_securedrop-admin.py +++ b/admin/tests/test_securedrop-admin.py @@ -1041,3 +1041,22 @@ def test_find_or_generate_new_torv3_keys_subsequent_run(tmpdir, capsys): v3_onion_service_keys = json.load(f) assert v3_onion_service_keys == old_keys + + +def test_v3_and_https_cert_message(tmpdir, capsys): + args = argparse.Namespace(site_config='UNKNOWN', + ansible_path='tests/files', + app_path=dirname(__file__)) + site_config = securedrop_admin.SiteConfig(args) + site_config.config = {"v3_onion_services": False, + "securedrop_app_https_certificate_cert_src": "ab.crt"} # noqa: E501 + # This should return True as v3 is not setup + assert site_config.validate_https_and_v3() + + # This should return False as v3 and https are both setup + site_config.config.update({"v3_onion_services": True}) + assert not site_config.validate_https_and_v3() + + # This should return True as https is not setup + site_config.config.update({"securedrop_app_https_certificate_cert_src": ""}) # noqa: E501 + assert site_config.validate_https_and_v3()