Why do you want to have `User.password` at all? The model only needs to keep the hash; the plain-text password can stay a method argument:
/** A stored user account.
  *
  * Only the hash of the password is kept; there is deliberately no
  * plain-text password field on the model.
  *
  * @param id           primary key; defaults to `NotAssigned`
  * @param email        the user's e-mail address
  * @param passwordHash hash of the user's password
  */
case class User(
  id: Pk[Long] = NotAssigned,
  email: String,
  passwordHash: String
)
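/** Companion holding the password-related operations for `User`.
  *
  * The plain-text password only ever appears as a method argument here;
  * what gets stored and compared is its hash.
  */
object User {

  /** Creates a user record that stores only the hash of `password`.
    *
    * The persistence step is left open on the page, so the body ends in a
    * `???` stub. The result type could equally be `Option[User]` or
    * `Try[User]`.
    *
    * @param email    e-mail address of the new account
    * @param password plain-text password; hashed at once and never stored
    * @return presumably the generated id when the insert succeeds (TODO confirm
    *         once the DB step is written)
    */
  def create(email: String, password: String): Option[Long] = {
    // Hash the caller-supplied password (the original passed an undefined `hash`).
    val passwordHash = hashPassword(password)
    // Named arguments: the first positional parameter of User is `id`, not `email`.
    val newUser = User(email = email, passwordHash = passwordHash)
    // save newUser to DB and return the generated id
    ???
  }

  /** Looks a user up by e-mail and returns it only if `password` matches.
    *
    * You may want to distinguish between "no such email" and "wrong password",
    * in which case the result would be something like
    * `Either[PasswordCheckFailure, User]`. If that distinction is reported
    * back to the client it lets the caller learn which e-mail addresses are
    * registered, so keep it for internal logging.
    *
    * @param email    e-mail address to look up
    * @param password plain-text password supplied by the caller
    * @return the user when the hashes match, `None` otherwise
    */
  def checkPassword(email: String, password: String): Option[User] = {
    val possibleUser: Option[User] = ??? // get user by email
    // Hash before looking at the lookup result so that an unknown e-mail and a
    // wrong password cost roughly the same amount of work.
    val candidateHash = hashPassword(password)
    possibleUser.filter { user =>
      // Comparison (the original used `=`, an assignment). MessageDigest.isEqual
      // does not stop at the first differing byte.
      java.security.MessageDigest.isEqual(
        user.passwordHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        candidateHash.getBytes(java.nio.charset.StandardCharsets.UTF_8)
      )
    }
  }

  /** Hashes a plain-text password; the implementation is left open on the page.
    *
    * NOTE(review): use a deliberately slow password-hashing function (bcrypt,
    * scrypt, PBKDF2, Argon2) rather than a single fast digest. Schemes that
    * pick a random salt per hash cannot be verified by re-hashing and
    * comparing as `checkPassword` does; they need the stored salt or the
    * scheme's own verify call.
    */
  private def hashPassword(password: String): String = ???
}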
You may want to have a salt as well, see e.g. https://crackstation.net/hashing-security.htm. In that case you either store it in the same field as the password hash (password-hashing schemes such as bcrypt already embed the salt in their output) or add another field:
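/** User account that keeps a per-user salt next to the password hash.
  *
  * @param id           primary key; defaults to `NotAssigned`
  * @param email        the user's e-mail address
  * @param passwordHash hash of the user's password
  * @param passwordSalt salt that was mixed into `passwordHash`; defaults to a
  *                     freshly generated random value
  */
case class User(
  id: Pk[Long] = NotAssigned,
  email: String,
  passwordHash: String,
  // Default: 16 bytes from a cryptographically secure generator, Base64-encoded
  // (scala.util.Random is predictable and not suitable for salts).
  // NOTE(review): passwordHash has to be computed with this very salt, so in
  // practice the caller generates the salt first and passes both values; rows
  // read back from the DB must always pass the stored salt explicitly.
  passwordSalt: String = {
    val saltBytes = new Array[Byte](16)
    new java.security.SecureRandom().nextBytes(saltBytes)
    java.util.Base64.getEncoder.encodeToString(saltBytes)
  }
)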