Hey,

I just upgraded our app from 2.5.7 to 2.6.1 and app.user stopped working in Twig. This must be introduced in #11690 where the SecurityContext got splitted.

Not working:

{{ dump(app.user) }}

Working:

{{ dump(app.security.token.user) }}

Digging deeper leads to security.token_storage not returning any token in the getUser() method from Symfony\Bundle\FrameworkBundle\Templating\GlobalVariables whereas it's returning a valid token in the SC. The TokenStorage gets declared locally in the SC's constructor for $oldSignature. So it's cannot be the same as the global service's one. Shouldn't the constructor use the security.token_storage to retrieve the token storage instead of creating it's own? Otherwise the GlobalVariables should be reverted to use the SC to retrieve the token.

(There's one speciality in our app: We're using an extended SecurityContext which reads an additional secret stored in the user client (cookie) without touching any existing methods. As far as I understand the BC code, this shouldn't make a difference.)

I hope @iltar can clear things up.

Cheers
Matthias